By: Tony Cole, Chief Technology Officer
Earlier this month I joined Attivo Networks, and a lot of friends and colleagues asked me, “Why move from a large public cybersecurity company to a startup?” The answer is pretty simple: the technology actually works and closes a gap that others do not address well. It detects bad actors that have successfully bypassed other systems.
I’ve spent a lot of my career meeting with CISOs and CIOs from every vertical around the globe advising and educating them on threats, required policies, processes, expertise, and of course technology. Regardless of how many times you tell them and show them that a breach is inevitable – and it IS inevitable – I’ve found most of them spend too much of their resources on prevention and not enough on detection.
How you instrument your enterprise can be integral to how much damage an attacker can do before being detected. Dwell time is the amount of time an attacker lives in your network undetected, and for most enterprises it’s usually a couple of months. It should go without saying that we don’t want to allow an attacker to move around a system for months without being detected. That will give them plenty of opportunities to steal anything they want and do enormous damage.
This is why I joined the leader in deception technology, Attivo Networks. Imagine a new neighborhood where a house is broken into in the middle of the night. The burglar knows the family is home, quietly steals a few minor things, and prepares to sneak out quickly. As he passes the kitchen island, he notices a key and a piece of paper with an address and alarm code. Another neighbor is on vacation, and now he has the key, the alarm code, and instructions on feeding the cat. The intruder quickly leaves and heads down to the other home he knows is empty. Now imagine that house is part of a deception layer across the entire neighborhood. The burglar has picked up a breadcrumb that led him to the perfect house to burglarize, and yet when he uses that key or enters the alarm code, it will alert the police. That’s good deception, pure and simple. It looks just like everything else and yet isn’t. Obviously, in the real world we can’t build a lot of houses that people don’t live in; it wouldn’t scale. However, unlike my example, real deception is designed to work at scale, and with machine learning it can even make the decoy house mimic the operations of a typical household, further adding to its authenticity and improving its efficacy in causing the attacker to fall prey.
The other fascinating aspect of deception is that these decoys are essentially projected like a hologram, making it extremely simple to deploy and low maintenance to operate. Unlike other detection controls, it is extremely accurate as the alert will only trigger if the attacker attempts to unlock a door, touches the alarm, or attempts to recon the house. A false alarm is essentially unheard of because it will only trigger upon engagement.
Today, breaches are happening constantly, with adversaries continuously increasing their levels of sophistication to move over, under, and around prevention tools. Deception empowers an offense-driven defense against these advanced attackers with a minefield of deception throughout every layer of the network stack, covering every threat vector. Decoys throughout the network alert on early reconnaissance as attackers plot their attack, while deception-based credentials and mapped drives that serve as ransomware bait immediately alert analysts when an attacker uses them. Even complex Man-in-the-Middle (MITM) attacks can be quickly identified. That long dwell time (from initial breach to discovery), which usually lasts months, is cut down to immediate, actionable alerts. A system you can trust.
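To make the engagement-only alerting described above concrete, here is an added example (not Attivo's product code) of the defender-side logic: an inventory of planted breadcrumbs (decoy accounts and decoy hosts), a parser for authentication records, and a rule that raises an alert only when something touches a decoy. The log format, account names, host names and addresses are all constructed for this illustration; a real deployment would read the same fields from its own authentication logs.

```python
"""Decoy-engagement alerting over authentication log lines.

Added illustration of the deception principle in the post: ordinary
activity, including failed logins by real users, produces no alert; any
use of a planted credential or any contact with a decoy host does.
Everything below (log format, names, addresses) is constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Constructed inventory of planted breadcrumbs: accounts and hosts that no
# legitimate user or process is ever given. Names are hypothetical.
DECOY_ACCOUNTS = {"svc_backup_adm", "fin-share-ro"}
DECOY_HOSTS = {"10.20.30.250", "fileshare-fin02"}

# Constructed log line format used by this example:
#   <timestamp> auth user=<account> src=<ip> dst=<host> result=<success|failure>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) result=(?P<result>\S+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    reason: str
    user: str
    src: str
    dst: str


def parse_line(line: str) -> Optional[dict]:
    """Return the event fields, or None for lines not in the expected format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def evaluate(event: dict) -> Optional[Alert]:
    """Alert only on engagement with a decoy; everything else is ignored.

    A decoy credential is flagged whether or not the login succeeded: the
    account is issued to nobody, so any attempt means the breadcrumb was
    picked up and used.
    """
    if event["user"] in DECOY_ACCOUNTS:
        reason = "decoy credential used"
    elif event["dst"] in DECOY_HOSTS:
        reason = "decoy host contacted"
    else:
        return None
    return Alert(event["ts"], reason, event["user"], event["src"], event["dst"])


def detect(lines: Iterable[str]) -> List[Alert]:
    """Run every parseable line through the engagement rule."""
    alerts: List[Alert] = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue  # not an auth record in the expected format
        alert = evaluate(event)
        if alert is not None:
            alerts.append(alert)
    return alerts


def engaged_sources(alerts: Iterable[Alert]) -> Dict[str, int]:
    """Count decoy engagements per source address."""
    counts: Dict[str, int] = {}
    for a in alerts:
        counts[a.src] = counts.get(a.src, 0) + 1
    return counts


def recon_sources(alerts: Iterable[Alert], threshold: int = 2) -> List[str]:
    """Sources that touched several decoys: the 'casing the neighborhood' pattern."""
    return sorted(src for src, n in engaged_sources(alerts).items() if n >= threshold)


# Constructed sample log: one normal login, one failed login by a real user
# (no alert), a decoy credential attempt and a decoy host contact from the
# same source, plus a line in another format that is skipped.
SAMPLE_LOG = [
    "2024-05-01T02:13:07Z auth user=jsmith src=10.20.30.15 dst=fileshare-fin01 result=success",
    "2024-05-01T02:14:22Z auth user=svc_backup_adm src=10.20.30.15 dst=fileshare-fin02 result=failure",
    "2024-05-01T02:14:40Z auth user=jsmith src=10.20.30.15 dst=10.20.30.250 result=success",
    "2024-05-01T02:15:01Z auth user=mwong src=10.20.30.41 dst=fileshare-fin01 result=failure",
    "2024-05-01T02:15:30Z kernel: link up on eth0",
]

if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for a in found:
        print(f"{a.ts} ALERT {a.reason}: user={a.user} src={a.src} dst={a.dst}")
    print("sources touching multiple decoys:", recon_sources(found))
```

Note that the failed login by `mwong` raises nothing: the rule keys on the decoy inventory, not on failure counts, which is what keeps the false-positive rate near zero. Correlating engagements per source then separates a single stray touch from a host that is systematically walking the breadcrumbs.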
So why did I join Attivo Networks? Because in any game against an adversary, you cannot win using defensive strategies alone. This team changes the game for the better by empowering defenders with an offense. It is an exciting opportunity to be part of a team with the technology to disrupt traditional balances of power. I wanted to be part of this team driving this critical change.