Attivo Beefs Up Deception and Response Platform
Attivo Networks has enhanced its ThreatDefend platform designed to deceive and reveal attackers that have bypassed perimeter security. It has added counterintelligence functionality to help companies identify the specific data attackers are seeking, as well as geolocation services that indicate where the documents are being accessed.
The platform’s new DecoyDocs feature provides the ability to plant deception files that allow the organization to conduct data loss tracking (DLT) on documents that have been exfiltrated. By embedding a tracking call-back function into a document, the solution provides information about what was stolen and where an attacker opened the file, whether inside or outside of the network.
Carolyn Crandall, Attivo’s chief deception officer, tells us the platform provides new opportunities for partners by providing them with an active security defense based on prevention, detection and response capabilities.
“The solution does not replace existing prevention infrastructure, but instead closes the in-network detection gap and provides tools to reduce dwell time, accelerate attack analysis, and reduce incident response time,” she said. “The functionality of counterintelligence is a new conversation that partners can have with customers in order to help them strengthen their overall defenses. Now, in addition to threat and adversary intelligence that can be gathered by deception technology on an attack — counterintelligence can be added to better understand the types of documents being targeted.”
Partners can offer deception-based threat detection as a mechanism for building an active defense for customers across all industries, Crandall said.
“Resellers specializing in IoT, ICS (industrial control system) or POS can now offer early detection for network devices that have been historically difficult to secure,” she said. “Partners selling to legal, technology or entertainment industries can now also promote this counterintelligence solution as a means to understand if their customer is being targeted on a particular case, patent or other IP theft.”