By Carolyn Crandall, Chief Marketing Officer, Attivo Networks
This week, Attivo Networks™ announced it has expanded its deception platform to include all classes of cyber threats, including reconnaissance, stolen credentials, phishing and ransomware attacks. The goal is nothing less than to defend Attivo customers from every form of cyber attack with real-time detection of breaches that have bypassed other prevention defenses.
Deception employs highly efficient techniques to attract attackers into engaging by luring them away from company assets while extending to organizations the much-needed time to identify and thwart the attack.
“Gartner believes that more lean-forward organizations should also leverage deception in-depth as a new strategy for comprehensive threat defense against the onslaught of advanced attackers and attack techniques,” noted Lawrence Pingree, Gartner Research Director, in a recent report.
If the need for enhanced security is not clear enough already, think about this: security researchers at G DATA recorded a 64.8 percent increase in new malware strains for the first half of 2015 as compared to the same period in 2014. This works out to an average of 12 new strains created every minute.
The Attivo Deception Platform, based on a comprehensive suite of engagement servers, deception luring technology and techniques, highly sophisticated forensics and analysis correlation engine, has proven to be highly effective. It is a valuable solution for detecting Advanced Persistent Threats (APTs) and BOTs that are running reconnaissance to mount attacks, moving laterally through the network and for detecting when attackers are trying to use stolen credentials. Attivo has enhanced the BOTsink Multi-Dimensional Correlation Engine (MDCE) to provide a safe “sandbox” environment to expand and activate suspect phishing emails. In addition, the company has enhanced its end-point deception lures to deceive hackers, luring them to the BOTsink engagement server for analysis and containment.
The phishing solution arms individuals with the ability to submit suspect emails to the BOTsink analysis engine. There, the engine analyses the email and reports created with associated industry threat classifications, empowering the organization’s security team to rapidly understand the threat and update prevention systems.
Attivo enhanced end-point deception capabilities lure the attacker to the BOTsink engagement server, heading off the attacker’s opportunity to modify the disk contents of other devices. This new functionality will facilitate detecting threats like CryptoLocker and KillDisk, built to encrypt, infect or erase files. Once the Attivo solution lures the attacker to the BOTsink, the BOTsink will analyze the threat, raise alerts and create report for the immediate quarantining of an infected device.
Attivo also announced new enhancements to its deception technology and can now automatically deploy its engagement servers based on anomalous activity and draw attackers to BOTsink. It also features expanded ability to detect attacks based on broadcast and multicast traffic.
Stay tuned for more news and come visit us at RSA, to be held February 29-March 4 at San Francisco’s Moscone Center. We’ll be in the North Expo, booth #N3022.