By: Carolyn Crandall, CMO
Recently, Attivo participated in the OpenStack Summit in Austin, Texas, where the company showcased its industry-leading, inside-the-network threat detection and forensic analysis technology. Highlighting customer use cases, Attivo demonstrated how its technology could enhance an organization’s current security infrastructure and provide valuable contributions to an adaptive defense strategy.
The OpenStack Summit brings together IT, security, telecommunications, cloud, app developer and OpenStack thought and technology leaders who are building the future of cloud computing.
Takeaways from OpenStack
The sheer growth in attendance at OpenStack Summit points to the accelerated popularity of open source cloud computing. Vertical markets most strongly represented included telecom, financial services, education and retail. While fielding questions at the Attivo booth, the team noticed a clear shift in attendee queries from lab and research projects to production deployments.
Although the Summit is still predominantly a network infrastructure and storage event, it was gratifying to see solid interest in security and the increased attendance of security professionals, which points to accelerated deployment of OpenStack solutions. Insider threats, ransomware and stolen credentials were among the most popular topics discussed. Attended by thousands from more than 50 countries, this event was the perfect opportunity to share the news of our latest integration with OpenStack.
Attivo Networks + OpenStack: A Dynamic Duo
Several weeks ago, Attivo Networks announced the ability to integrate its deception platform architecture with OpenStack. This provides organizations with efficient and effective detection of inside-the-network threats for virtualized software-defined data centers (SDDC). Building upon its current Dynamic Deception Platform, Attivo now offers support for OpenStack environments in addition to current support for VMware ESXi, Amazon Web Services, SCADA and user networks.
Need for Increased Visibility in a SDDC
Data center virtualization has achieved widespread acceptance based on its inherent cost and performance benefits; however, with a software-defined data center (SDDC) there also comes the potential challenge of decreased visibility, which increases the risk of a network intrusion. With the explosion of server-to-server, or east-west, traffic, traditional IDS/IPS and sandboxing solutions become unsuitable given their cost and the large amounts of resources and personnel required to manage and deploy them. A new, scalable approach is needed for increased network visibility and the ability to promptly and reliably detect the growing number of complex and malicious attacks targeted at the high-value information stored within a data center.
How Attivo Deception Works
The highly scalable Attivo Deception Platform is designed for frictionless deployment and efficient inside-the-data-center threat detection in environments with the large server workloads and widespread adoption of virtual machines (VMs) that are typically seen in data center and cloud networks. Using dynamic deception based on highly efficient luring techniques, Attivo does not rely on the compute- and log-intensive processes of monitoring traffic for known signatures or attack patterns. Instead, deception and decoys are used to lure in and deceive attackers into revealing themselves. These deception techniques are a highly effective approach for promptly detecting zero-day, stolen-credential, insider and ransomware attacks. Once the attacker is engaged with the BOTsink® engagement server, the attack and its lateral movement can be studied, alerts raised, and forensics provided for prompt incident response. Integrations with firewall, NAC, SIEM and other security solutions are also available to automate the process and improve the time to remediation.
With the majority of a company’s data passing through its data center, it is critical to have clear visibility into threats that are inside the network. The Attivo solution integrated with the OpenStack Platform will support deployment of engagement VMs in production subnets in order to catch APTs, stolen-credential attacks and other lateral attack movement.
In addition, Attivo is working with Criterion Networks and its Criterion SDCloud Platform to implement security groups and quarantine infected VMs in the Criterion SDDC solution architecture, which will keep an attacker from moving to other VMs to maintain persistence.
See You Next Year
The Attivo team gained valuable insights at this year’s OpenStack Summit and looks forward to attending next year’s event!
Until then, Attivo Networks will continue to lead the charge in the deception technology market space and to enhance our comprehensive deception platform to support additional environments and offer continued improvements for incident response.