

Advanced Network Security for Retail

Deception-Based Threat Detection

A recent survey completed by The Ponemon Institute found that the most common method retailers used for identifying an advanced threat was “a gut feeling.” According to the report, it took retailers an average of 197 days to identify that they had been hit with an advanced threat, and 39 days to contain it.

Forensics and known attacker signatures were cited as the next most common detection approaches, each used on average only half as often as gut feeling.

On average, one-fifth of a retailer’s security budget is spent on “cyber kill chain activities” aimed at disrupting an attack before it happens. Despite this heavy investment, breaches are still happening, and most organizations still struggle to detect and contain denial-of-service attacks and to promptly detect data that is being exfiltrated.

Many retail organizations are turning to threat intelligence and threat hunting; however, these methods require input and analysis by trained professionals. Staff often fail to follow up on alerts promptly because of high alert noise. With an average of only 11 employees responding to security threats, versus 19 in financial services, it is not difficult to understand why detection and incident response in retail lag behind other industries.

These cyber attacks are not limited to brick-and-mortar facilities. Google, Facebook, Amazon, and other online organizations are not immune. They all collect and use information about their customers for targeted advertising, sale to third parties, and data analysis. Most users would be shocked to learn the breadth of information collected about them, how it is used, and how it is shared with other parties.

In addition to attacks on corporate systems, where attackers seek to acquire highly valuable customer data, the retail industry must also protect point-of-sale (POS) and IoT devices. There has been a recent wave of cyber attacks on these devices: they are very common in retail operations, and standard cyber defense solutions are often unable to detect these advanced threats.


Retailers also have compliance responsibilities under PCI DSS. Attackers often move through retail and third-party payment networks acquiring customer data and looking for opportunities to divert funds. The retailer is responsible for ensuring that payment card data is protected, and must monitor its systems to ensure that no unexpected changes have occurred and that the integrity of the payment connection is maintained at all times. Attacks have become increasingly sophisticated and malicious, and intrusions and breaches have in turn become progressively more difficult to detect.

Recent high-profile breaches at retailers have shown that breach detection is not being reliably addressed. Organizations that have not demonstrated sufficient security measures have left themselves not only at risk of losing customers, but also exposed to other financial consequences.

The Attivo Solution

Attivo takes a modern approach to network security and operates on the premise that attackers will get inside the network. Attivo has created advanced network security solutions that use deception-based threat detection to help retail organizations dramatically increase the speed at which threats inside the network are uncovered, understand an attacker’s intent, and establish a defense against future attacks.

The Attivo BOTsink® solution uses active deception: decoys built on real, full operating systems and services lure attackers into engaging with the BOTsink decoys rather than with company servers or POS devices. The highly interactive decoys are fully customizable to a retailer’s environment for additional authenticity. No signatures or big-data analytics are required to detect an intrusion, and false positives (noisy alerts) are avoided, since an alert is generated only by real engagement with a decoy, which no legitimate user or system has a reason to touch. A full suite of forensics is provided through the Attivo threat intelligence dashboard, and IOC reports give preventative systems what they need to shut down current and future attack attempts.
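To make the detection model concrete, the following is an added Python example and not Attivo’s BOTsink code: it treats every connection to a decoy host as a high-fidelity alert (no signature or baseline involved), then turns the engagements into a per-attacker profile and IOC records that a firewall or EDR could consume. The decoy inventory, the Zeek-style connection log lines, the field layout and the IOC format are all constructed assumptions for the example.

```python
# Added example of deception-style detection over a connection log.
# Illustrative code, not Attivo's implementation; the decoy inventory, the
# log lines, the field layout and the IOC format are constructed for the example.
from collections import OrderedDict
from dataclasses import dataclass
from typing import Dict, Iterable, Iterator, List, Tuple

# Decoy inventory: (ip, port) -> service the decoy pretends to run.
# Real POS terminals and servers are deliberately absent from this table.
DECOYS: Dict[Tuple[str, int], str] = {
    ("10.20.5.77", 22): "decoy-pos-mgmt-ssh",
    ("10.20.5.77", 445): "decoy-pos-mgmt-smb",
    ("10.20.5.91", 3389): "decoy-backoffice-rdp",
    ("10.20.5.91", 1433): "decoy-backoffice-mssql",
}
DECOY_HOSTS = {ip for ip, _ in DECOYS}

# Constructed Zeek conn.log-style lines (tab separated):
# ts  src_ip  src_port  dst_ip  dst_port  proto  orig_bytes
SAMPLE_LOG = """\
1710000001.1\t10.20.5.10\t51234\t10.20.5.20\t443\ttcp\t1024
1710000002.2\t10.20.5.10\t51235\t10.20.5.77\t22\ttcp\t96
1710000003.3\t10.20.5.10\t51236\t10.20.5.77\t445\ttcp\t200
1710000004.4\t10.20.5.10\t51237\t10.20.5.91\t3389\ttcp\t0
1710000004.9\t10.20.5.10\t51238\t10.20.5.91\t8080\ttcp\t60
1710000005.5\t10.20.5.33\t40000\t10.20.5.20\t443\ttcp\t4096
"""


@dataclass
class Alert:
    ts: float
    src_ip: str
    dst_ip: str
    dst_port: int
    decoy: str        # which decoy service was touched
    orig_bytes: int   # bytes the source sent: 0 = bare scan, >0 = interaction


def parse_conn_log(text: str) -> Iterator[dict]:
    """Parse tab-separated connection records, skipping blank and comment lines."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src_ip, src_port, dst_ip, dst_port, proto, orig_bytes = line.split("\t")
        yield {"ts": float(ts), "src_ip": src_ip, "src_port": int(src_port),
               "dst_ip": dst_ip, "dst_port": int(dst_port), "proto": proto,
               "orig_bytes": int(orig_bytes)}


def detect_decoy_engagements(records: Iterable[dict]) -> List[Alert]:
    """Every connection to a decoy host is an alert: nothing legitimate should
    ever talk to it, so no signature or traffic baseline is needed. A decoy host
    hit on a port we did not stage is still an alert (the host is the tripwire)."""
    alerts: List[Alert] = []
    for r in records:
        if r["dst_ip"] not in DECOY_HOSTS:
            continue  # production traffic never reaches this point
        name = DECOYS.get((r["dst_ip"], r["dst_port"]), "decoy-host-unstaged-port")
        alerts.append(Alert(r["ts"], r["src_ip"], r["dst_ip"], r["dst_port"],
                            name, r["orig_bytes"]))
    return alerts


def attacker_profile(alerts: List[Alert]) -> Dict[str, dict]:
    """Group alerts by source to expose intent: which decoys were touched, in
    what order, and whether the source only scanned or actually interacted."""
    profiles: Dict[str, dict] = OrderedDict()
    for a in sorted(alerts, key=lambda a: a.ts):
        p = profiles.setdefault(a.src_ip, {"first_seen": a.ts, "last_seen": a.ts,
                                           "decoys": [], "interacted": False})
        p["last_seen"] = a.ts
        p["decoys"].append(a.decoy)
        p["interacted"] = p["interacted"] or a.orig_bytes > 0
    return profiles


def iocs_for_blocking(profiles: Dict[str, dict]) -> List[dict]:
    """IOC records (constructed format) a firewall/EDR could consume to quarantine
    the engaging host."""
    return [{"type": "ipv4-addr", "value": ip, "action": "quarantine",
             "reason": "engaged decoys: " + ", ".join(p["decoys"])}
            for ip, p in profiles.items()]


if __name__ == "__main__":
    found = detect_decoy_engagements(parse_conn_log(SAMPLE_LOG))
    for ioc in iocs_for_blocking(attacker_profile(found)):
        print(ioc)
```

Run over the constructed log, the host 10.20.5.10 produces four alerts (SSH, SMB and RDP decoys, plus an unstaged port on a decoy host) while the ordinary 443 traffic from both hosts produces none; the `orig_bytes` field separates a bare port scan from an actual login attempt, which is the kind of intent signal the decoy’s forensics add on top of the alert itself.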

Attivo’s active deception techniques are authentic and proven to detect threats aimed at exfiltrating client records and valuable business information, whether that data is stored in data centers, transacted by POS systems, shared with business partners and third parties, or associated with the retailer’s Internet/web presence, HTTPS, and phishing attacks.