Carolyn Crandall has served as the Chief Deception Officer and CMO of Attivo Networks® since 2015 and has over 30 years of experience building emerging technology markets in the security, networking, and storage industries. She has a demonstrated track record of successfully taking companies from preIPO through to multi-billion-dollar sales and has held leadership positions at Cisco, Juniper Networks, Nimble Storage, Riverbed, and Seagate(i365).
As the Chief Deception Officer at Attivo Networks, she regularly speaks on security innovation at CISO forums and other industry events. She has been a guest on Fox News, presented at several conferences including CSO50, ISSA International, FS and H-ISAC, and has hosted multiple technology education webinars. In 2018 alone, Crandall was inducted into the Hall of Femme by DMN, recognized as a Business Woman of the Year by CEO Today, and as a Power 100 Woman of the Channel by CRN for the 8th year.
Crandall joined Attivo Networks based upon the company’s vision of modernizing active cybersecurity defenses with deception technology. Deception has been used for millennia in military, sports, and gambling to outsmart and outmaneuver an adversary and Attivo is now bringing this concept to cybersecurity in an effort to misdirect and derail advanced cyberattackers before they can complete their attack mission. This technology is actively being adopted across all major industries as an in-network threat detection control designed to reduce attacker dwell time (time an attacker remains undetected) and for improving adversary intelligence that can be critical for understanding the attack, accelerating incident response, and fortifying defenses.
In cyber, it is essential to have both defensive and offensive strategies to effectively outmaneuver attackers. Historical approaches to cybersecurity were centered on a preventative defense that begins as a reaction to an event. The Attivo Networks approach is centered on an Active Defense, based on offense-driven actions so that organizations can set landmines to proactively detect and derail in-network threats early, gather the adversary intelligence required to understand the attack, and prevent a similar recurrence. Deception technology is unique in that it gives organizations the upper-hand against attackers. When deception is applied, the attacker can no longer trust that they know real from fake and will make mistakes, be forced to spend more time, start over, or find an easier target. Ultimately, attackers incur greater costs, which in many cases can make the economics of their attack undesirable.
Organizations achieve this advantage through the use of scalable deception technology that ubiquitously covers an ever-changing landscape of threats from all attack vectors and across continually evolving attack surfaces. As the most comprehensive solution on the market, the Attivo ThreatDefend™ platform works by enticing in-network attackers with highly authentic credentials, decoys, applications, and data deceptions designed to attract adversaries into engaging. The solution’s dynamic traps, bait, and lures provide threat deception for legacy to advanced deployments with a wide-range of attack surfaces including networks, cloud, datacenters, remote offices, infrastructure, IoT, medical IoT, ICS-SCADA, and POS networks. Machine-learning management makes deployment easy and automated for businesses of all sizes. Unlike other deception solutions, Attivo doesn’t stop at detection and arms defenders with high-fidelity alerts that are substantiated by the environment’s attack analysis, forensics, and collection of adversary intelligence. This provides valuable insight into attacker intent and threat intelligence required for blocking, isolation, threat hunting, and return adversary mitigation. Extensive native integrations are also available for automating incident response.