
ThreatStrike™ End-Point Deception

Stolen Credential, Ransomware, and Phishing Detection

Typical intrusion detection systems are built to detect malware, which has been the historical method of attack. The threat landscape has changed dramatically, with over 2 out of 3 attacks cited as starting with the use of stolen credentials. Recent studies show that 60% of organizations feel they are ill-equipped to detect these types of attacks. Add ransomware attacks that can quickly erase or encrypt networked drives, and organizations must now turn to a new approach to protect their data and critical infrastructure. Attempts at using behavioral analytics have proven challenging given the alert storm they generate, with the end result that incidents go unattended until it is too late.

Stolen credential attacks used to be carried out in sweeps that would try 1,000s of credentials at a time. These attempts were fairly easily detected. Attackers have become more sophisticated and are now coming in “low and slow,” with only 1 to 2 attempts per hour, making them challenging to detect.

Deception takes a different approach to detecting attackers trying to steal and use stolen credentials. The ThreatStrike™ End-Point Deception Suite places deception credentials on end-points and servers that appear to be employee credentials, application, and other data. This bait sets “bread crumbs” that lead an attacker to an engagement server where their attack can be analyzed and a substantiated alert raised. Unlike behavioral analytics, these alerts are based on actual engagement and provide the detail required to immediately block and quarantine an attack.

A similar approach can be used to deceive and misdirect ransomware attackers. Deceptions can be placed so that, as the attacker looks to move to the next networked drive, they are instead led to the engagement server for detection.

Read the Solution Brief

How ThreatStrike End-Point Deception Works

 

 

The Attivo ThreatStrike End-Point Deception Solution is a customizable and non-intrusive technology that is used to identify targeted attacks of infected end-points, infected servers/VMs, the use of stolen deception credentials, and ransomware attacks on networked drives. The solution also provides for suspicious email submission for threat detection.

The ThreatStrike End-Point Deception Suite is deployed across end-point devices without impact on, or dependency on, other end-point security products and servers. The suite adds bait and deception credentials to entice threat actors to attack the BOTsink Solution as opposed to production assets and other network resources.

The Attivo end-point technology integrates with the Attivo BOTsink Solution, which can in turn identify the infected end-point, provide signature updates to firewalls and other prevention devices, and exchange queries with SIEMs to check for attempted use of deception credentials throughout the network.
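The contrast drawn above between rate-based detection and deception credentials, as an added example (not Attivo's code and not the BOTsink SIEM integration): a check that scans an authentication log for any use of decoy accounts. The log format, account names, and addresses are constructed for illustration.

```python
from collections import Counter
from datetime import datetime

# Hypothetical decoy account names planted on end-points (constructed for this example).
DECOY_USERS = {"svc_backup_adm", "jdoe_admin"}

def build_sample_log():
    """Constructed auth log: one noisy sweep and one low-and-slow source."""
    lines = [f"2024-05-01T09:{m:02d}:00 src=10.0.0.9 user=user{m} result=FAIL"
             for m in range(30)]  # 30 failures within a single hour
    lines += [
        "2024-05-01T09:15:00 src=10.0.0.5 user=mlee result=FAIL",
        "2024-05-01T10:40:00 src=10.0.0.5 user=svc_backup_adm result=FAIL",
        "2024-05-01T11:55:00 src=10.0.0.5 user=jdoe_admin result=FAIL",
        "2024-05-01T12:05:00 src=10.0.0.7 user=asmith result=OK",
    ]
    return lines

def parse(line):
    """Split 'timestamp key=value ...' into a dict with a parsed 'time' field."""
    ts, *fields = line.split()
    event = dict(f.split("=", 1) for f in fields)
    event["time"] = datetime.fromisoformat(ts)
    return event

def threshold_alerts(events, max_failures_per_hour=10):
    """Rate-based detection: sources exceeding a failure count in any clock hour."""
    per_hour = Counter((e["src"], e["time"].replace(minute=0, second=0))
                       for e in events if e["result"] == "FAIL")
    return sorted({src for (src, _), n in per_hour.items() if n > max_failures_per_hour})

def decoy_alerts(events, decoys=DECOY_USERS):
    """Deception-based detection: any use of a decoy account raises an alert,
    whatever the rate or outcome, because no legitimate user holds it."""
    return [(e["time"].isoformat(), e["src"], e["user"])
            for e in events if e["user"] in decoys]

if __name__ == "__main__":
    events = [parse(line) for line in build_sample_log()]
    print("threshold:", threshold_alerts(events))
    for alert in decoy_alerts(events):
        print("decoy use:", alert)
```

On the constructed log, the hourly threshold flags only the sweep from 10.0.0.9, while the decoy match flags the source making one attempt per hour.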

Simple and Scalable Deployment

The ThreatStrike End-point Suite is agentless and easy to set up.

  • Deployment can occur through the Attivo management console or through end-point distribution partners Casper, ForeScout, and Microsoft Active Directory
  • End-point deceptions are highly customizable and can be configured with stolen credential, data, application, ransomware, and other deception bait
  • Phishing detection submission is easily set up for users
  • Integrations with SIEM providers Splunk, HP ArcSight, IBM QRadar, and Intel McAfee Nitro are easy to set up and provide insight into attempts to use Attivo deception credentials


End-point deception

Attivo ThreatStrike End-point Deception Suite Benefits

  • Deceives and distracts attackers with deception credentials and other bait
  • Misdirects ransomware attacks
  • Agentless design is seamless to install and manage
  • Phishing detection simplifies the detection of phishing emails
  • Advanced customization for the highest levels of authenticity and deception
  • Mac, Windows, and Linux support
  • Integrates with other security eco-system devices including the Attivo BOTsink, firewalls, and SIEM devices
