In-network threat detection can occur at the endpoint or within the network. Network-based deception addresses the attack tactics that start at the network level, where attackers enumerate the environment to find usernames and information on groups, shares, and services on networked computers, or harvest credentials by attempting a Man-in-the-Middle attack. This detection method delivers high-fidelity alerts because each alert is triggered by actual attacker engagement with a decoy.
To reduce the risk of a successful attack, network-based deception is used to derail attempts at reconnaissance early in the attack cycle. Human or automated attackers see devices that appear to be production systems but are in fact decoys designed to mimic them. Deception devices that run full-OS decoys create the highest levels of authenticity. Emulated systems can also be effective for certain use cases and environments. Today’s cyber deception platforms have removed the operational issues associated with early-day honeypots and now use machine learning to learn the environment automatically. This acquired information is used to automate deployment and to keep ongoing operations that maintain authenticity simple, so highly skilled experts are no longer needed to operate the platform. High-interaction cyber deception platforms also provide the means to gather adversary intelligence safely for faster triage and remediation.
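The two paragraphs above rest on one property: a decoy does no production work, so any connection to it is suspicious on its own, and a source that touches several decoys in sequence is enumerating the network. The following is an added example, not Attivo Networks code, that applies that logic to flow records. The decoy inventory, the authorized-scanner allowlist, and the flow log lines are all constructed for the example; the `sweep_threshold` parameter and the two classification labels are assumptions chosen here, not product terminology.

```python
"""Decoy-engagement alerting over flow records.

Added example (not Attivo Networks code). Shows why traffic to a decoy is a
high-fidelity signal and how touching several decoys reveals enumeration.
All addresses, hostnames and flow records below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed decoy inventory: these hosts do no production work, so any
# connection to them is attacker (or misconfiguration) activity, never
# normal business traffic.
DECOYS = {
    "10.0.5.20": "decoy-fileserver",
    "10.0.5.21": "decoy-domain-controller",
    "10.0.5.22": "decoy-plc",       # emulated ICS device
    "10.0.5.23": "decoy-switch",    # emulated network infrastructure
}

# Constructed: an authorized vulnerability scanner that is expected to touch
# every host, including decoys. Suppressing it keeps alerts high-fidelity.
AUTHORIZED_SCANNERS = {"10.0.1.5"}

# Constructed flow log lines: timestamp src dst dport proto
SAMPLE_FLOWS = """\
2024-03-01T09:00:01Z 10.0.3.14 10.0.5.20 445 tcp
2024-03-01T09:00:02Z 10.0.3.14 10.0.5.21 389 tcp
2024-03-01T09:00:03Z 10.0.3.14 10.0.5.22 502 tcp
2024-03-01T09:00:04Z 10.0.3.14 10.0.5.23 22 tcp
2024-03-01T09:05:00Z 10.0.1.5 10.0.5.20 445 tcp
2024-03-01T09:05:01Z 10.0.1.5 10.0.5.21 389 tcp
2024-03-01T09:05:02Z 10.0.1.5 10.0.5.22 502 tcp
2024-03-01T09:10:00Z 10.0.3.99 10.0.7.10 443 tcp
2024-03-01T09:12:00Z 10.0.3.77 10.0.5.21 88 tcp
"""


@dataclass
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str


@dataclass
class Alert:
    src: str
    decoys_touched: list
    first_seen: str
    classification: str  # "decoy-engagement" or "enumeration-sweep" (assumed labels)


def parse_flows(text):
    """Parse the whitespace-separated constructed flow format into Flow objects."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, proto = line.split()
        flows.append(Flow(ts, src, dst, int(dport), proto))
    return flows


def decoy_engagements(flows, decoys=DECOYS, allowlist=AUTHORIZED_SCANNERS):
    """Keep only flows whose destination is a decoy and whose source is not an
    authorized scanner. No signature match is needed: the destination alone
    makes the flow suspicious."""
    return [f for f in flows if f.dst in decoys and f.src not in allowlist]


def build_alerts(flows, sweep_threshold=3, decoys=DECOYS, allowlist=AUTHORIZED_SCANNERS):
    """Group engagements by source. A source touching sweep_threshold or more
    distinct decoys is classified as an enumeration sweep (the reconnaissance
    phase described above); fewer touches is still an alert, just narrower."""
    by_src = defaultdict(list)
    for f in decoy_engagements(flows, decoys, allowlist):
        by_src[f.src].append(f)
    alerts = []
    for src, fs in by_src.items():
        touched = sorted({decoys[f.dst] for f in fs})
        cls = "enumeration-sweep" if len(touched) >= sweep_threshold else "decoy-engagement"
        alerts.append(Alert(src, touched, min(f.ts for f in fs), cls))
    return sorted(alerts, key=lambda a: a.first_seen)


if __name__ == "__main__":
    for alert in build_alerts(parse_flows(SAMPLE_FLOWS)):
        print(alert)
```

Run on the constructed log, the source that walks four decoys becomes a single enumeration-sweep alert, the authorized scanner produces nothing, the host talking to a real production server is ignored, and the single Kerberos touch on the decoy domain controller is still raised, because on a decoy even one connection is evidence rather than noise.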
Unknown threats, mistakes, and misconfigurations can allow attackers to bypass prevention solutions.
Shared security, containers, and serverless environments create unique detection challenges.
Not all endpoints can run AV or produce logs for analysis, e.g. ICS, IoT, and network infrastructure.
73 days to find an in-network attacker. Deception can reduce dwell times by 91%.
Detect reconnaissance from human and automated attackers.
Reduce false positives. Receive only high-fidelity alerts.
Create virtual landmines to efficiently derail attacks.
Detection coverage for on-premises, cloud, and specialized environments.
Machine-learning for automated operations.
Safely gather adversary intelligence, including TTPs and IOCs.
Decoy documents serve as bait and reveal attacker targets.
Automate incident response via native integrations.
Reduce the time attackers remain undetected and the time needed to respond.
Gain early and accurate threat detection of human and automated attackers targeting networked systems and devices. Golden image customization delivers optimal authenticity.
Improve visibility into threat activity within an organization’s cloud environment
Achieve awareness of attacks targeting ICS/SCADA systems
Improve security over IoT devices on the network
Learn when attackers target routers, switches, and other networking infrastructure
Coverage for a wide variety of endpoints, and machine learning for automated learning and deployment
Capabilities to collect adversary intelligence and forensic data empower faster triage
Integrations with EPP and EDR solutions facilitate automated incident response
Ready to find out what the Attivo Networks solution can do for your organization? Our security experts are standing by, ready to answer your questions.
Deception Based Threat Detection eBook