At-a-Glance

Attivo Networks for Enterprise Identity Protection and Lateral Movement Detection

Defending Against Credential-Based Attacks – Protecting the Keys to the Front Door

To protect against credential-based attacks, organizations have implemented solutions such as Multifactor Authentication or Privileged Access Management that seek to curtail unauthorized access. However, these solutions still have gaps that an organization can bridge with Deception Technology.

Attivo Networks® ThreatDefend Platform and the NIST Cybersecurity Framework

The National Institute of Standards and Technology (NIST) Cybersecurity Framework provides a policy framework of computer security guidance for how private sector organizations in the US can assess and improve their ability to prevent, detect, and respond to cyberattacks. This white paper explores the ways in which the Attivo Networks ThreatDefend Platform provides extensive support to meet the guidance set forth by the NIST Cybersecurity Framework.

Attivo Networks® Coverage for MITRE® Engage

MITRE has launched a knowledge base named Engage to replace its Shield matrix, available at https://engage.mitre.org/. Engage is a framework for discussing and planning adversary engagement, deception, and denial activities. Engage is informed by adversary behavior observed in the real world and is intended to drive strategic cyber outcomes. Engage was created to help the private sector, government, and vendor communities to plan and execute the use of adversary engagement strategies and technologies.

NIST: 800-160(2) and 800-171(B) Securing High Value Assets and Confidential Unclassified Information

This paper will very briefly summarize these NIST publications, introduce deception technology, and show how deception technology fits within the NIST guidelines to support regulatory compliance and enhanced security.

Defending the Retail Industry Against Cyber Attacks

Due to the expansive attack surface and the large number of transactions made in various forms, adversaries are finding ways into retailers’ networks and remaining undetected, sometimes for months on end. Fraud prevention and detection for retailers is becoming increasingly challenging and a new approach to cybersecurity is needed.

Protecting Enterprise Identities for the Legal Sector

Applying deception and concealment technology and focusing on an identity-first security posture provides the tools a legal organization needs to quickly and accurately detect suspicious or malicious activity to limit the potential impact.

Understanding the Most Common Lateral Movement Attack Tactics

Understanding the specific tactics attackers use is a critical part of lateral movement detection. Knowing the tactics and strategies outlined in this paper gives defenders a significant leg up to identify attackers and stop them in their tracks.

Dynamic Deception for Industrial Automation and Control Systems

Building a comprehensive security strategy for the real-time, actionable detection of a cyber attack. By: Tony Dao, Director of Information Technology, Aspect Engineering Group

Portfolio Overview

Comprehensive detection for empowering the defender and eliminating the attacker’s advantage.

Using MITRE Shield to Defend Against Ransomware

This paper discusses how using an Active Defense strategy with the ThreatDefend platform provides an innovative and efficient approach to combating ransomware.

Comprehensive Coverage for CIS Security Controls

The Attivo Networks ThreatDefend platform covers a prioritized set of CIS controls to protect the organization from known or unknown cyber threats. The ThreatDefend platform provides coverage for a total of 16 out of 20 CIS Controls.

Attivo Networks in a Zero Trust Architecture for the Federal Government

Federal agencies have been moving to security-based architectures built upon Zero Trust Architecture (ZTA) principles for more than a decade.

Disrupt an Attacker’s Ability to Discover Networks and Move Laterally with Deflect

This white paper discusses key use cases of the Endpoint Detection Net’s Deflect function that prevent attackers from fingerprinting an endpoint to identify security weaknesses and conducting reconnaissance.

Improving Cyber Hygiene by Remediating Exposed Credentials

The domain controller assumes that anyone providing the correct combination of user name and password is the person they claim to be and gains access to the network. If attackers manage to steal the right set of credentials, they can assume identities with greater privileges and access. Identifying and clearing these credentials can be a burden. This is where the ThreatPath® solution can reduce the attack surface and manage credential exposures to limit attackers from exploiting them.

SolarWinds Breach – Supply Chain ThreatDefend® Attack Detection

As organizations continue to embrace third-party vendors for software and applications, they expose themselves to potential risks in their supply chain. New types of attacks increase the risks associated with a supply chain attack considerably. Attackers have more resources and tools at their disposal than ever before, creating a perfect storm.

Strengthen Deception Authenticity with Machine Learning and Dynamic Behavioral Deception

The best way to defeat sophisticated attacks is to implement dynamic behavioral deception, a security solution that detects in-network attack techniques and lateral movement activity. Unfortunately, today’s next-generation firewalls, IPS, sandboxes, web, and email gateways are not up to that task.

Attivo Networks in a Zero Trust Architecture

Most organizations will start Zero Trust with a focus on users and devices. Attivo Networks adds another layer of access control that focuses on applications, data, and access for post-authentication protection. The company’s ThreatDefend platform offers capabilities that implement elements of a Zero Trust architecture, particularly in the areas of data trust and application trust.

Defending Healthcare Organizations with the ThreatDefend Platform

The ThreatDefend Platform’s comprehensive functions enhance existing security solutions by providing visibility into attack activities that elude them, giving healthcare organizations the critical tools they need to derail attacks before they become data breaches or ransom situations.

Deception-Based Threat Detection for Healthcare

This paper guides healthcare organizations in how to address the ever-increasing challenge of defending themselves. Topics include techniques to detect attacks that target patient records, protecting information stored in data centers, and securing networks containing medical Internet of Things (IoT) devices.

Calculating ROI for Attivo Deception and Concealment Technology

Cybersecurity professionals understand the value of deception technology. Unfortunately, while they may have input when determining the merits of security solutions to purchase, they do not often have the authority to influence budgets, which means that they must find a way to financially justify a new security technology to the CFO and others. How can they clearly explain the value?

Attivo Networks® ThreatDefend® Platform and the Mitre ATT&CK® Matrix For Cloud

The Attivo Networks ThreatDefend® platform provides extensive capabilities to detect many of the techniques and sub-techniques outlined in the ATT&CK Matrix for Cloud.

Deception Defense Platform for Cyber-Physical Systems

There is an ever-increasing number of cyber-attacks targeted at cyber-physical systems vital to the operation of our critical infrastructure. Everything from disruption, destruction, and data loss to general rampant internet threats has become a risk to cyber-physical systems that were once thought isolated and secure from cyber threats.

Attivo Deception MITRE Shield Mapping

Attivo evaluated its ThreatDefend® Platform capabilities against all Active Defense techniques and use cases documented per technique in the MITRE Shield knowledge base. Download this paper to learn how the ThreatDefend components provide the building blocks needed for an Active Defense strategy.

Federal News Network Executive Briefing: Cybersecurity Strategies

Federal News Network and Attivo Networks asked a panel of federal cybersecurity practitioners for a read on the most contemporary cybersecurity thinking. Read on to learn more.

Using a Commercial Deception Solution to Improve MITRE ATT&CK Test Results for Endpoint Security

Dr. Edward Amoroso, CEO of TAG Cyber, outlines the results of a recent round of MITRE ATT&CK testing performed for four top endpoint security tools. Find out how the performance and detection of these tools improves by an average 42% when used in conjunction with Attivo Networks EDN suite.

9 Notable 2020 CISO Challenges – Are they the Same as Yours?

The world has changed in so many ways in 2020. Even with the best-laid plans and precautions, CISOs have had to quickly respond to the COVID-19 pandemic, revising strategies and transitioning from unprepared to prepared. Read on for a list of important things CISOs are tackling as they look to stay one step ahead in these rapidly changing times.

Attivo Networks ThreatDefend Platform SIEM Integrations

The rapid pace of attacks, existing security challenges such as staff shortages, and the ever-increasing alert volume drive the security industry to embrace the notion of consolidating data resources and orchestrating actions across vendors, open-source projects, and internal development efforts. Read on to learn more about our SIEM integrations.

Integrating Deception with DevOps

Organizations can deploy deception across the DevOps cycle to get insights into attacker activity and alert on any misconfigurations. Learn more about how Deception complements existing DevSecOps security controls in this white paper.

Deception Technology: Active Defense to Combat Advanced Threats

Attivo Networks deception technology provides the most authentic and comprehensive solution for detecting threats early in the attack lifecycle. Organizations shifting to an offensive posture will simplify detection operations and gain the critical tools they need to improve their security posture in the war against cyber attackers.

Understanding Deception Technology

This document explains the role deception has historically played in attack and defense as well as highlights why it has become a necessary part of a modern cybersecurity stack. Deception technology is becoming a core necessity in any security architecture. 

Defending Against Insider Threats with Attivo Networks Deception

Insider threats are one of the most difficult challenges an organization can face. Where a range of conventional defenses exist to thwart exterior threats, malicious actors within an organization are much more difficult to identify and contain. This paper will delve into the challenges presented by insider threats and how deception technology can provide accurate and early insight into policy violations and malicious activity. 

Deception to Enhance Endpoint Detection and Response

Deception technology is “sleight of hand” for your environment, diverting attackers away from production assets and strengthening the other components of your cybersecurity stack. Coupled with EDR on the endpoints and conventional perimeter defenses, a deception suite enhances your defense-in-depth strategy and makes an attacker’s job radically more difficult, substantially altering their attack economics and giving defenders the advantage. 

Attivo Networks® ThreatDefend™ Platform and the ISO/IEC 27000 Family of Standards

The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) 27000 family of standards helps organizations keep information assets secure. 

ThreatDefend® Platform Feature Highlight: ThreatDirect®

The Attivo Networks® ThreatDefend® platform includes the ThreatDirect® feature that provides organizations with the ability to easily and efficiently project deception into remote locations and microsegmented networks, extending their coverage without needing to deploy additional BOTsink® deception servers.

ThreatDefend® Feature Highlight: Vulnerability Simulation

Organizations can configure the Attivo Networks® BOTsink® appliance to simulate known vulnerabilities, giving highly accurate alerts if an attacker attempts to leverage one against the organization. This form of simulation responds to an attacker’s effort as if it was vulnerable without actually compromising the target host or allowing the attacker to expand their footprint.

ThreatDefend® Feature Highlight: Decoy Documents

Attivo’s Decoy Documents capability is available across the entire BOTsink range, including physical, virtual, and Cloud instances.

Cyber Deception: How To Build A Program

Geoff Hancock has been in cybersecurity for 27 years. He has worked in the military, intelligence community, civilian agencies and corporations, conducting cyber operations, Active Cyber Defense, Deception and Intelligence. He has been a CISO, CTO and VP and currently is the CEO of Advanced Cybersecurity Group, where he heads up a team of cyber deception and intelligence analysts providing instruction and program operations. Understand the value of having a cyber deception plan in place and learn the information you need to know to get one started in this white paper.

Deception Myths: Clarifying Industry Misconceptions

The earliest deception systems were used primarily for research and they were difficult to set up and maintain. Those preliminary experiences have led to some myths and misconceptions about deception. This paper will address and debunk those myths, while detailing how deception has evolved into an invaluable asset for organizations’ Defense in Depth postures.

Threat Deception for an Active Defense

Attivo Networks® deception-based threat detection shifts the power to the defender with a unique approach that reduces risk, accelerates incident response, and improves the overall effectiveness and efficiency of existing security controls. To learn more about deception-based threat detection, view this document.

ThreatDefend Platform Feature Highlight: Authentic Deception

At its core, deception technology relies on presenting an attacker with decoys and lures that are indistinguishable from real assets. Highly authentic decoys are vital for any organization looking to add deception technology for in-network threat detection. This feature highlight addresses the importance of authenticity in deception and the ways in which Attivo Networks has made authenticity a core feature of the ThreatDefend platform.

Attivo Networks Deception Technology for Mergers and Acquisitions

Deception technology can play a critical role in Mergers and Acquisition situations, providing vital detection and visibility capabilities for due diligence and post-merger integrations. Check out this white paper for more on the benefits of deception technology before, during, and after a merger/acquisition scenario.

Meeting HIPAA Requirements with Attivo Networks Deception Technology

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) laid out a broad range of rules for Healthcare providers in the United States that fundamentally changed how these organizations were required to handle patient information. In this paper we will look at how deception technology can help an organization meet these requirements effectively, and efficiently, specifically in the context of Information Security.

Attivo Networks® ThreatDefend Platform and the MITRE ATT&CK Matrix

The Attivo Networks ThreatDefend Deception and Response Platform provides extensive capabilities to detect many of the techniques outlined in the ATT&CK Matrix.

Attivo Networks Threat Deception to Comply with the Reserve Bank of India Cybersecurity Framework

This whitepaper explains how the Attivo Networks® ThreatDefend™ platform enables organizations to meet specific compliance issues specified in the RBI CS Framework, along with numerous other requirements. This paper further explains how the Attivo Networks solution provides comprehensive detection and response to organizations under threat.

Deception for a SWIFT Defense

The SWIFT network links more than 11,000 financial institutions in more than 200 countries and territories worldwide, and as such, requires a level of trust between member institutions to ensure the integrity of the network. Unfortunately, the SWIFT network has increasingly become a target of attackers over the past few years and traditional security measures are no longer sufficient to deter and stop attackers. This white paper delves into the ways deception technology addresses these challenges.

GDPR with Deceptive Technology Perspective

GDPR is the General Data Protection Regulation, which will radically change the data usage and protection landscape when it comes into force on May 25th, 2018.

Deception Technology—Much more than a Honeypot

This solution brief will detail the origins of honeypots, the logic behind them, and what features ultimately inhibited their universal adoption – followed by a look into what comprises present-day deception technology, how it has evolved, and the functionalities that are catalyzing worldwide deployment and adoption.

BD and Attivo Networks Provide Visibility and Detection of Cyberattacks on IoT Medical Devices

Collaboration Advances Medical Device Cybersecurity

Attivo Labs Research: Petya/Not Petya Wiper Attack Analysis

Petya wreaks havoc by locking the hard drive MFT and MBR sections and by preventing computers from booting.

Attivo Labs WannaCry Report

Ransomware attacks continue to be a top threat.

Attivo Networks Deception Platform Integrates with BD Medical Devices

Attivo Networks Deception Platform Integrates with Becton, Dickinson Medical Devices to Provide Advanced IoT Threat Detection

Deception Technology for Financial Institutions

This paper explores challenges faced by financial organizations and how deception technology changes the game on attackers with reliable in-network threat detection and response capabilities.

Deception in Security Penetration Testing

As many organizations look to test their network resiliency, penetration tests are playing an increasingly integral role in understanding an environment’s vulnerabilities through the simulation of a real attack. Deception provides early and efficient warning of attacks, whether they originate from malicious internal or external threat actors or from a security tester. 

BOTsink® Analysis Functions

To help security analysts investigate incidents, gather forensic evidence, and analyze malware, the BOTsink provides the Attack Threat Analysis (ATA) engine and the Malware Analysis Sandbox (MAS).

Deception for Enhanced Cloud Security

The Attivo ThreatDefend platform is designed to integrate seamlessly with AWS, OpenStack, and Azure deployments to scale to an organization’s cloud needs.

Ovum, On the Radar: Attivo Networks offers deception, vulnerability assessment, and response automation

The ThreatDefend™ portfolio includes all these capabilities.

Detect Infected Machines and Stop Data Exfiltration with Attivo Deception Platform and Juniper SRX Firewalls

Attivo Networks integrates with Juniper SRX Firewalls

Attivo Networks Deception Platform Integrates with the Check Point Management Server

Attivo Networks integrates with Check Point Management Server

Know What is Lurking in Your Network

Find out how deception technology allows for in-network detection of advanced threats.

Pre-emptive Spear Phishing Management

Learn why phishing is one of the top cyber attacks occurring, how it works, and the steps an organization can take to protect their employees.

The Role of Dynamic Deception in the Cyber Kill Chain

Learn about the challenges of today’s threat landscape and the opportunities to address holes in the cyber attack lifecycle.

Attivo Networks Partner Integrations for an Active Defense

Deception technology in the cyber security eco-system


At-a-Glance

Attivo Networks for Enterprise Identity Protection and Lateral Movement Detection

Defending Against Credential-Based Attacks – Protecting the Keys to the Front Door

To protect against credential-based attacks, organizations have implemented solutions such as Multifactor Authentication or Privileged Access Management that seek to curtail unauthorized access. However, these solutions still have gaps that an organization can bridge with Deception Technology.

Attivo Networks® ThreatDefend Platform and the NIST Cybersecurity Framework

The National Institute of Standards and Technology (NIST) Cybersecurity Framework provides a policy framework of computer security guidance for how private sector organizations in the US can assess and improve their ability to prevent, detect, and respond to cyberattacks. This white paper explores the ways in which the Attivo Networks ThreatDefend Platform provides extensive support to meet the guidance set forth by the NIST Cybersecurity Framework.

Attivo Networks® Coverage for MITRE® Engage

MITRE has launched a knowledge base named Engage to replace its Shield matrix, available at https://engage.mitre. org/. Engage is a framework for discussing and planning adversary engagement, deception, and denial activities. Engage is informed by adversary behavior observed in the real world and is intended to drive strategic cyber outcomes. Engage was created to help the private sector, government, and vendor communities to plan and execute the use of adversary engagement strategies and technologies.

NIST: 800-160(2) and 800-171(B) Securing High Value Assets and Confidential Unclassified Information

This paper will very briefly summarize these NIST publications, introduce deception technology, and show how deception technology fits within the NIST guidelines to support regulatory compliance and enhanced security.

Defending the Retail Industry Against Cyber Attacks

Due to the expansive attack surface and the large number of transactions made in various forms, adversaries are finding ways into retailer’s networks and are remaining undetected for sometimes months on end. Fraud prevention and detection for retailers is becoming increasingly challenging and a new approach to cybersecurity is needed.

Protecting Enterprise Identities for the Legal Sector

Applying deception and concealment technology and focusing on an identity-first security posture provides the tools a legal organization needs to quickly and accurately detect suspicious or malicious activity to limit the potential impact.

Understanding the Most Common Lateral Movement Attack Tactics

Understanding the specific tactics attackers use is a critical part of lateral movement detection. Knowing the tactics and strategies outlined in this paper gives defenders a significant leg up to identify attackers and stop them in their tracks.

Dynamic Deception for Industrial Automation and Control Systems

Building a comprehensive security strategy for the real-time, actionable detection of a cyber attack. By: Tony Dao, Director of Information Technology, Aspect Engineering Group

Portfolio Overview

Comprehensive detection for empowering the defender and eliminating the attacker’s advantage.

Using MITRE Shield to Defend Against Ransomware

This paper discusses how using an Active Defense strategy with the ThreatDefend platform provides an innovative and efficient approach to combating ransomware.

Comprehensive Coverage for CIS Security Controls

The Attivo Networks ThreatDefend platform covers a prioritized set of CIS controls to protect the organization from known or unknown cyber threats. The ThreatDefend platform provides coverage for a total of 16 out of 20 CIS Controls.

Attivo Networks in a Zero Trust Architecture for the Federal Government

Federal agencies are moving to security-based architectures built upon Zero Trust Architecture (ZTA) principles for more than a decade.

Disrupt an Attacker’s Ability to Discover Networks and Move Laterally with Deflect

This white paper discusses key use cases of the Endpoint Detection Net’s Deflect function that prevent attackers from fingerprinting an endpoint to identify security weaknesses and conducting reconnaissance.

Improving Cyber Hygiene by Remediating Exposed Credentials

The domain controller assumes that anyone providing the correct combination of user name and password is the person they claim to be and gains access to the network. If attackers manage to steal the right set of credentials, they can assume identities with greater privileges and access. Identifying and clearing these credentials can be a burden. This is where the ThreatPath® solution can reduce the attack surface and manage credential exposures to limit attackers from exploiting them.

SolarWinds Breach – Supply Chain ThreatDefend® Attack Detection

As organizations continue to embrace third-party vendors for software and applications, they expose themselves to potential risks in their supply chain. New types of attacks increase the risks associated with a supply chain attack considerably. Attackers have more resources and tools at their disposal than ever before, creating a perfect storm.

Strengthen Deception Authenticity with Machine Learning and Dynamic Behavioral Deception

The best way to defeat sophisticated attacks is to implement dynamic behavioral deception, a security solution that detects in-network attack techniques and lateral movement activity. Unfortunately, today’s next-generation firewalls, IPS, sandboxes, web, and email gateways are not up to that task.

Attivo Networks in a Zero Trust Architecture

Most organizations will start Zero Trust with a focus on users and devices. Attivo Networks adds another layer of access control that focuses on applications, data, and access for post-authentication protection. The company’s ThreatDefend platform offers capabilities that implement elements of a Zero Trust architecture, particularly in the areas of data trust and application trust.

Defending Healthcare Organizations with the ThreatDefend Platform

The ThreatDefend Plaform’s comprehensive functions enhance existing security solutions by providing visibility into attack activities that elude them, giving healthcare organizations the critical tools they need to derail attacks before they become data breaches or ransom situations.

Deception-Based Threat Detection for Healthcare

This paper guides healthcare organizations in how to address the ever-increasing challenge of defending themselves. Topics include techniques to detect attacks that target patient records, protecting information stored in data centers, and securing networks containing medical Internet of Things (IoT) devices.

Calculating ROI for Attivo Deception and Concealment Technology

Cybersecurity professionals understand the value of deception technology. Unfortunately, while they may have input when determining the merits of security solutions to purchase, they do not often have the authority to influence budgets, which means that they must find a way to financially justify a new security technology to the CFO and others. How can they clearly explain the value?

Attivo Networks® ThreatDefend® Platform and the Mitre ATT&CK® Matrix For Cloud

The Attivo Networks ThreatDefend® platform provides extensive capabilities to detect many of the techniques and sub-techniques outlined in the ATT&CK Matrix for Cloud.

Deception Defense Platform for Cyber-Physical Systems

There is an ever-increasing number of cyber-attacks targeted at cyber-physical systems vital to the operation of our critical infrastructure. Everything from disruption, destruction, data loss, or general rampant internet threats have become a risk to cyber-physical systems that were once thought isolated and secure from cyber threats.

Attivo Deception MITRE Shield Mapping

Attivo evaluated its ThreatDefend® Platform capabilities against all Active Defense techniques and use cases documented per technique in the MITRE Shield knowledge base. Download this paper to learn how the ThreatDefend components provide the building blocks needed for an Active Defense strategy.

Federal News Network Executive Briefing: Cybersecurity Strategies

Federal News Network and Attivo Networks asked a panel of federal cybersecurity practitioners for a read on the most contemporary cybersecurity thinking. Read on to learn more.

Using a Commercial Deception Solution to Improve MITRE ATT&CK Test Results for Endpoint Security

Dr. Edward Amoroso, CEO of TAG Cyber, outlines the results of a recent round of MITRE ATT&CK testing performed for four top endpoint security tools. Find out how the performance and detection of these tools improves by an average 42% when used in conjunction with Attivo Networks EDN suite.

9 Notable 2020 CISO Challenges – Are they the Same as Yours?

The world has changed in so many ways in 2020. Even with the best-laid plans and precautions, CISOs have had to quickly respond to the COVID-19 pandemic, revising strategies and transitioning from unprepared to prepared. Read on for a list of important things CISOs are tackling as they look to stay one step ahead in these rapidly changing times.

Attivo Networks ThreatDefend Platform SIEM Integrations

The rapid pace of attacks, existing security challenges such as staff shortages, and the ever-increasing alert volume drive the security industry to embrace the notion of consolidating data resources and orchestrating actions across vendors, open-source projects, and internal development efforts. Read on to learn more about our SIEM integrations.

Integrating Deception with DevOps

Organizations can deploy deception across the DevOps cycle to get insights into attacker activity and alert on any misconfigurations. Learn more about how Deception complements existing DevSecOps security controls in this white paper.

Deception Technology: Active Defense to Combat Advanced Threats

Attivo Networks deception technology provides the most authentic and comprehensive solution for detecting threats early in the attack lifecycle. Organizations shifting to an offensive posture will simplify detection operations and gain the critical tools they need to improve their security posture in the war against cyber attackers.

Understanding Deception Technology

This document explains the role deception has historically played in attack and defense as well as highlights why it has become a necessary part of a modern cybersecurity stack. Deception technology is becoming a core necessity in any security architecture. 

Defending Against Insider Threats with Attivo Networks Deception

Insider threats are one of the most difficult challenges an organization can face. Where a range of conventional defenses exist to thwart exterior threats, malicious actors within an organization are much more difficult to identify and contain. This paper will delve into the challenges presented by insider threats and how deception technology can provide accurate and early insight into policy violations and malicious activity. 

Deception to Enhance Endpoint Detection and Response

Deception technology is “sleight of hand” for your environment, diverting attackers away from production assets and strengthening the other components of your cybersecurity stack. Coupled with EDR on the endpoints and conventional perimeter defenses, a deception suite enhances your defense-in-depth strategy and makes an attacker’s job radically more difficult, substantially altering their attack economics and giving defenders the advantage. 

Attivo Networks® ThreatDefend™ Platform and the ISO/IEC 27000 Family of Standards

The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) 27000 family of standards helps organizations keep information assets secure. 

ThreatDefend® Platform Feature Highlight: ThreatDirect®

The Attivo Networks® ThreatDefend® platform includes the ThreatDirect® feature, which gives organizations the ability to easily and efficiently project deception into remote locations and microsegmented networks, extending their coverage without needing to deploy additional BOTsink® deception servers.

ThreatDefend® Feature Highlight: Vulnerability Simulation

Organizations can configure the Attivo Networks® BOTsink® appliance to simulate known vulnerabilities, giving highly accurate alerts if an attacker attempts to leverage one against the organization. This form of simulation responds to an attacker’s effort as if the decoy were vulnerable, without actually compromising the target host or allowing the attacker to expand their footprint.

ThreatDefend® Feature Highlight: Decoy Documents

Attivo’s Decoy Documents capability is available across the entire BOTsink range, including physical, virtual, and Cloud instances.

Cyber Deception: How To Build A Program

Geoff Hancock has been in cybersecurity for 27 years. He has worked in the military, intelligence community, civilian agencies and corporations, conducting cyber operations, Active Cyber Defense, Deception and Intelligence. He has been a CISO, CTO and VP and currently is the CEO of Advanced Cybersecurity Group, where he heads up a team of cyber deception and intelligence analysts providing instruction and program operations. Understand the value of having a cyber deception plan in place and learn the information you need to know to get one started in this white paper.

Deception Myths: Clarifying Industry Misconceptions

The earliest deception systems were used primarily for research, and they were difficult to set up and maintain. Those preliminary experiences have led to some myths and misconceptions about deception. This paper will address and debunk those myths, while detailing how deception has evolved into an invaluable asset for organizations’ Defense in Depth postures.

Threat Deception for an Active Defense

Attivo Networks® deception-based threat detection shifts the power to the defender with a unique approach that reduces risk, accelerates incident response, and improves the overall effectiveness and efficiency of existing security controls. To learn more about deception-based threat detection, view this document.

ThreatDefend Platform Feature Highlight: Authentic Deception

At its core, deception technology relies on presenting an attacker with decoys and lures that are indistinguishable from real assets. Highly authentic decoys are vital for any organization looking to add deception technology for in-network threat detection. This feature highlight addresses the importance of authenticity in deception and the ways in which Attivo Networks has made authenticity a core feature of the ThreatDefend platform.

Attivo Networks Deception Technology for Mergers and Acquisitions

Deception technology can play a critical role in Mergers and Acquisitions situations, providing vital detection and visibility capabilities for due diligence and post-merger integrations. Check out this white paper for more on the benefits of deception technology before, during, and after a merger/acquisition scenario.

Meeting HIPAA Requirements with Attivo Networks Deception Technology

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) laid out a broad range of rules for healthcare providers in the United States that fundamentally changed how these organizations were required to handle patient information. In this paper we will look at how deception technology can help an organization meet these requirements effectively and efficiently, specifically in the context of Information Security.

Attivo Networks® ThreatDefend Platform and the MITRE ATT&CK Matrix

The Attivo Networks ThreatDefend Deception and Response Platform provides extensive capabilities to detect many of the techniques outlined in the ATT&CK Matrix.

Attivo Networks Threat Deception to Comply with the Reserve Bank of India Cybersecurity Framework

This whitepaper explains how the Attivo Networks® ThreatDefend™ platform enables organizations to meet specific compliance issues specified in the RBI CS Framework, along with numerous other requirements. This paper further explains how the Attivo Networks solution provides comprehensive detection and response to organizations under threat.

Deception for a SWIFT Defense

The SWIFT network links more than 11,000 financial institutions in more than 200 countries and territories worldwide, and as such, requires a level of trust between member institutions to ensure the integrity of the network. Unfortunately, the SWIFT network has increasingly become a target of attackers over the past few years and traditional security measures are no longer sufficient to deter and stop attackers. This white paper delves into the ways deception technology addresses these challenges.

GDPR with Deceptive Technology Perspective

GDPR is the General Data Protection Regulation, which will radically change the data usage and protection landscape when it comes into force on May 25th, 2018.

Deception Technology—Much more than a Honeypot

This solution brief will detail the origins of honeypots, the logic behind them, and what features ultimately inhibited their universal adoption – followed by a look into what comprises present-day deception technology, how it has evolved, and the functionalities that are catalyzing worldwide deployment and adoption.

BD and Attivo Networks Provide Visibility and Detection of Cyberattacks on IoT Medical Devices

Collaboration Advances Medical Device Cybersecurity

Attivo Labs Research: Petya/Not Petya Wiper Attack Analysis

Petya wreaks havoc by locking the hard drive MFT and MBR sections and by preventing computers from booting.

Attivo Labs WannaCry Report

Ransomware attacks continue to be a top threat.

Attivo Networks Deception Platform Integrates with BD Medical Devices

Attivo Networks Deception Platform Integrates with Becton, Dickinson Medical Devices to Provide Advanced IoT Threat Detection

Deception Technology for Financial Institutions

This paper explores challenges faced by financial organizations and how deception technology changes the game on attackers with reliable in-network threat detection and response capabilities.

Deception in Security Penetration Testing

As many organizations look to test their network resiliency, penetration tests are playing an increasingly integral role in understanding an environment’s vulnerabilities through the simulation of a real attack. Deception provides early and efficient warning of attacks, whether they originate from malicious internal or external threat actors or from a security tester. 

BOTsink® Analysis Functions

To help security analysts investigate incidents, gather forensic evidence, and analyze malware, the BOTsink provides the Attack Threat Analysis (ATA) engine and the Malware Analysis Sandbox (MAS).

Deception for Enhanced Cloud Security

The Attivo ThreatDefend platform is designed to integrate seamlessly with AWS, OpenStack, and Azure deployments to scale to an organization’s cloud needs.

Ovum, On the Radar: Attivo Networks offers deception, vulnerability assessment, and response automation

The ThreatDefend™ portfolio includes all these capabilities.

Detect Infected Machines and Stop Data Exfiltration with Attivo Deception Platform and Juniper SRX Firewalls

Attivo Networks integrates with Juniper SRX Firewalls

Attivo Networks Deception Platform Integrates with the Check Point Management Server

Attivo Networks integrates with Check Point Management Server

Know What is Lurking in Your Network

Find out how deception technology allows for in-network detection of advanced threats.

Pre-emptive Spear Phishing Management

Learn why phishing is one of the top cyber attacks occurring, how it works, and the steps an organization can take to protect their employees.

The Role of Dynamic Deception in the Cyber Kill Chain

Learn about the challenges of today’s threat landscape and the opportunities to address holes in the cyber attack lifecycle.

Attivo Networks Partner Integrations for an Active Defense

Deception technology in the cyber security eco-system