Request Demo
 

Deception Campaigns

Deception Campaigns for Deception Authenticity

Maintaining decoy, credential, and deception object authenticity and attractiveness is core to the efficacy and manageability of deception-based threat detection. Attivo Networks provides a variety of deployment options and approaches to keep the deception environment fresh. These deployment options are included through the BOTsink management platform, SCCM, and REST API.  To simplify and facilitate deployment at scale, the BOTsink includes the ability to create deception campaigns, which deploy decoy services based on machine learning in the environment.  The deception campaigns auto-propose deployment options and facilitate auto-deployment of decoys based on factors such as reconnaissance or suspicious activity.

How Deception Campaigns Work

In the initial deployment, the security team will customize the decoys to reflect what is in the network, or import “golden images” into the decoy environment to more accurately match the systems present. The BOTsink® solution will use machine learning to analyze the network and identify devices, operating systems, and services present in the network. Once the BOTsink solution has learned the network, it will suggest decoy deployments on each VLAN and customize the decoys to match the device characteristics found there.

The BOTsink will designate the appropriate types and numbers of decoys to deploy to each VLAN based on what it learned of the network.  The security team can add, edit, or further customize the campaigns to their liking, changing any characteristic on the decoys, such as the naming convention, IP addresses, account names, etc.

Customization includes:

  • Types of operating systems found on the VLAN
  • IP addresses
  • MAC address customizations
  • Naming convention
  • Services offered on each decoy
  • Account formats
  • Credentials
  • Web pages
  • And more

Attivo Deception Campaigns also encompass the ThreatStrike deception credentials and lures.  As the BOTsink customizes the decoys, it will also create new ThreatStrike deceptive credentials and ransomware lures based on the user credentials that the BOTsink has learned or the security team has specified.

The security team can then either initiate the proposed Campaign once they have configured it to their liking or set the configuration to automatically deploy based on parameters that they set.  Automatic deployments can be set on a periodic basis or at the security team’s discretion, which could be based on suspicion of a network infection or other factors that would motivate a team to want to reset their deception synthetic network. With each reset the BOTsink solution will automatically adjust the deception campaigns and prevent an adversary from learning the network, fingerprinting the deception environment, and avoiding interaction. The ability to use deception campaigns and apply adaptive deception will empower organizations to better control the attack surface and change the game board on attackers, increasing attacker costs and the complexity of their attempt to breach the organization.

  • “Attivo is low effort, high impact”

    Major Finance and Accounting firm, CISO

  • “Attackers only have to be right once, while security people have to be right all the time… Deception flips that paradigm… now the criminals need to be right all of the time too”…”flawless deployment, and was done without any assistance from Attivo!”

    DJ Goldsworthy, Director Security Operations and Threat Management, Aflac

  • All it takes is one breach and you would have paid for your entire (breach detection) product.

    Mike Spanbauer , Vice President of Research, NSS Labs.

  • It’s striking how many layers of obfuscation that the group adopts. These groups are innovating and becoming more creative.

    Jennifer Weedon, FireEye Strategic Analysis Manager

  • 17,000 malware alerts per week 40% of malware goes undetected

    Fred Donovan , Fierce IT security

  • In a recent survey Holding the Line Against Cyber Threats: Critical Infrastructure Readiness

    • (72%) said that the threat level of attacks was escalating
    • (89%) of the respondents experienced at least one attack on a system within their organization, which they deemed secure, over the past three years
    • Fifty-nine percent of respondents stated that at least one of these attacks resulted in physical damage.

  • Deception as an automated responsive mechanism represents a sea change in the capabilities of the future of IT security that product managers or security programs should not take lightly.

    Lawrence Pingree, Gartner Research Director

  • There's two kinds of CIOs: ones who have been hacked and know it, and those who have been hacked and don't yet realize it. But the reality is, you've been hacked,

    Tony Scott, Federal CIO

  • The total average cost of a data breach is now $3.8 million, up from$3.5 million a year ago, according to a study by data security research organization Ponemon Institute.

    Paid for by International Business Machines Corp.May 27, 2015

Ready to find out what’s lurking in your network?

Schedule Demo
Contact Us