Deception Campaigns

Deception Campaigns for Deception Authenticity

Maintaining decoy, credential, and deception object authenticity and attractiveness is core to the efficacy and manageability of deception-based threat detection. Attivo Networks provides a variety of deployment options and approaches to keep the deception environment fresh. These deployment options are included through the BOTsink management platform, SCCM, and REST API. To simplify and facilitate deployment at scale, the BOTsink includes the ability to create deception campaigns, which deploy decoy services based on machine learning in the environment. The deception campaigns auto-propose deployment options and facilitate auto-deployment of decoys based on factors such as reconnaissance or suspicious activity.

How Deception Campaigns Work

In the initial deployment, the security team will customize the decoys to reflect what is in the network, or import “golden images” into the decoy environment to more accurately match the systems present. The BOTsink® solution will use machine learning to analyze the network and identify devices, operating systems, and services present in the network. Once the BOTsink solution has learned the network, it will suggest decoy deployments on each VLAN and customize the decoys to match the device characteristics found there.

The BOTsink will designate the appropriate types and numbers of decoys to deploy to each VLAN based on what it learned of the network. The security team can add, edit, or further customize the campaigns to their liking, changing any characteristic on the decoys, such as the naming convention, IP addresses, account names, etc.

Customization includes:

Types of operating systems found on the VLAN
IP addresses
MAC address customizations
Naming convention
Services offered on each decoy
Account formats
Credentials
Web pages
And more

Attivo Deception Campaigns also encompass the ThreatStrike deception credentials and lures. As the BOTsink customizes the decoys, it will also create new ThreatStrike deceptive credentials and ransomware lures based on the user credentials that the BOTsink has learned or the security team has specified.

The security team can then either initiate the proposed Campaign once they have configured it to their liking or set the configuration to automatically deploy based on parameters that they set. Automatic deployments can be set on a periodic basis or at the security team’s discretion, which could be based on suspicion of a network infection or other factors that would motivate a team to want to reset their deception synthetic network. With each reset the BOTsink solution will automatically adjust the deception campaigns and prevent an adversary from learning the network, fingerprinting the deception environment, and avoiding interaction. The ability to use deception campaigns and apply adaptive deception will empower organizations to better control the attack surface and change the game board on attackers, increasing attacker costs and the complexity of their attempt to breach the organization.

Contact Sales

Request a Demo

“Attivo is low effort, high impact”
Major Finance and Accounting firm, CISO
“Attackers only have to be right once, while security people have to be right all the time… Deception flips that paradigm… now the criminals need to be right all of the time too”…”flawless deployment, and was done without any assistance from Attivo!”
DJ Goldsworthy, Director Security Operations and Threat Management, Aflac
All it takes is one breach and you would have paid for your entire (breach detection) product.
Mike Spanbauer , Vice President of Research, NSS Labs.
It’s striking how many layers of obfuscation that the group adopts. These groups are innovating and becoming more creative.
Jennifer Weedon, FireEye Strategic Analysis Manager
17,000 malware alerts per week 40% of malware goes undetected
Fred Donovan , Fierce IT security
In a recent survey Holding the Line Against Cyber Threats: Critical Infrastructure Readiness
(72%) said that the threat level of attacks was escalating

(89%) of the respondents experienced at least one attack on a system within their organization, which they deemed secure, over the past three years

Fifty-nine percent of respondents stated that at least one of these attacks resulted in physical damage.
Deception as an automated responsive mechanism represents a sea change in the capabilities of the future of IT security that product managers or security programs should not take lightly.
Lawrence Pingree, Gartner Research Director
There's two kinds of CIOs: ones who have been hacked and know it, and those who have been hacked and don't yet realize it. But the reality is, you've been hacked,
Tony Scott, Federal CIO
The total average cost of a data breach is now $3.8 million, up from$3.5 million a year ago, according to a study by data security research organization Ponemon Institute.
Paid for by International Business Machines Corp.May 27, 2015

ThreatDefend Platform

Distributed Deception Platform for Post-Compromise Detection and Response

Network Deception

BOTsink

ThreatDirect

EndPoint

ThreatStrike

ADSecure

Deception Plus

ThreatOps

ThreatPath

Attivo Networks Survey Report

Top Threat Detection Concerns and Trends

eBook: Deception-Based Threat Detection

Shifting Power to the Defenders

Best Workplace

Best Technology

Deception Campaigns

Major Finance and Accounting firm, CISO

DJ Goldsworthy, Director Security Operations and Threat Management, Aflac

Mike Spanbauer , Vice President of Research, NSS Labs.

Jennifer Weedon, FireEye Strategic Analysis Manager

Fred Donovan , Fierce IT security

Lawrence Pingree, Gartner Research Director

Tony Scott, Federal CIO

Paid for by International Business Machines Corp.May 27, 2015

Ready to find out what’s lurking in your network?

Products

Solutions

Company

Help