Attivo Networks has expanded the functionality of its ThreatDefend detection platform. The new functions aim to anticipate an attacker’s behavior when they compromise a corporate network from an infected endpoint. ThreatDefend lures the attacker into an ambush if they move within the network. The goal is to shorten the dwell time, i.e. the time span in which an attacker can move undetected in the company network.
The “Endpoint Detection Net” module is intended to complement the EPP and EDR (Endpoint Protection, Endpoint Detection and Response) solutions that companies already use by closing gaps in detection and facilitating the automatic response to incidents. Endpoint Detection Net, according to Attivo, turns every endpoint into bait that is supposed to disrupt an attacker’s plans to break out and penetrate further into the network. No dedicated agents are required on the endpoint for this. Attivo uses historical attack data as well as the MITRE ATT&CK framework to identify the methods that attackers use to move around the network from an endpoint.
The ability to protect endpoints and prevent the spread from infected systems is critical for companies of all sizes. Investigations have shown that attackers leave an initially infected system after 4.5 hours on average to move on. In addition, research results show that the average dwell time in the network increased from 85 to 95 days in 2019. This illustrates the importance of securing endpoints and preventing attackers from gaining a foothold in the network.