Threat Detection

Deception-Based Threat Detection for Comprehensive and Adaptive Security Defense.

A well-designed deception system fits non-disruptively into an organization’s existing security ecosystem. Deception and decoy solutions provide an additional line of defense for networks, data centers, cloud and SCADA environments, addressing situations where attackers have bypassed prevention security systems and real-time notification of inside-the-network threats is required.

Security Infrastructure Solutions

Today’s cyber attacks arrive through a variety of threat vectors, including attacks that start with reconnaissance, stolen credentials, phishing or ransomware. In general, attackers are either scanning a network to find hosts with services or applications to compromise, or seeking to exfiltrate employee credentials or data. Either way, attackers and their automation tools rely on the responses they receive throughout the attack process to succeed. Real-time detection bundled with attack forensic analysis plays a critical role in changing the playing field against attackers. The hunters now become the hunted, putting the power of control back into an organization’s hands.

 

BOTsink

Deception Servers and Deception Lures

  • Deception servers and deception lures are based on creating attractive bait and a matrix of deception servers designed to lure attackers into engaging. Comprehensive deception solutions include endpoint, server, and application-level deceptions. Additionally, a deception platform will include the ability to provide attacker identification and forensics, which can be used to understand an attacker’s methodology and intent, and to defend against the cyber attack.
  • Deception techniques are not necessarily new to security. However, significant technology advances and new approaches to deception are delivering additional capabilities, better scalability, and improved manageability over legacy approaches such as honeypots or honeynets.

Attacks That Begin With Reconnaissance

Attacks begin with a scan of the network from the infected endpoint to locate the assets and services an attacker wants to target.

  • The Attivo solutions engage attackers by hosting network services across multiple virtual machines, IP services, and subnets, luring attackers into revealing themselves as soon as they start to look for your high-value assets.

Attacks That Begin With Stolen Credentials

The attacker exploits the infected endpoint to extract credentials and the location of the assets that it wants to target.

  • The Attivo Information Relay Entrapment System (IRES) provides a customizable and nonintrusive technology that lures such targeted attacks to its solution to detect infected endpoints, servers, and VMs.

Save Your BitCoins: Deception for Ransomware Detection

Organizations with some of the best-in-class prevention systems are demonstrating that they cannot reliably stop ransomware attacks:

  • New malware strains go undetected by signature-based systems.
  • Polymorphic malware is hard to detect and stop.
  • Web exploits use legitimate-looking JavaScript and bypass security prevention systems.

Deception is playing a critical role in protecting against ransomware attacks such as Qakbot and Locky. Not reliant on known signatures or attack patterns, Attivo can deceive the attacker into engaging. Once detected, the attack is analyzed and in-depth reporting is provided for quarantining and updating of prevention systems.


Pre-Emptive Spear Phishing Management

  • Phishing scams are designed to take advantage of software and security weaknesses and a general lack of victim awareness and education to succeed. Masquerading as a familiar and reliable source, phishing scammers convince victims that their messages are legitimate and deceive them into providing confidential and financial information.

  • To mitigate the risks posed by spear phishing, organizations can leverage the Attivo BOTsink® solution as a complement to their existing security technologies to detect threats that are inside their network and to identify the intent and maliciousness of a phishing campaign.

Insider Threat Visibility and Detection

Privilege escalation, abuse of privileged accounts and data exfiltration represent serious issues associated with insider security compromises. The Attivo ThreatMatrix Deception and Response Platform provides visibility and detection for insiders, suppliers, and trusted third-party organizations that inherently bypass most security controls.

  • Deception decoys lay traps to detect reconnaissance
  • Deception credentials misdirect privileged account escalation
  • ThreatPath shows exposed credentials and misconfigurations

Defense in Depth for Amazon Web Services

  • Amazon Web Services (AWS) offers a range of security controls; however, Amazon makes clear that public clouds entail a shared security model.
  • The Attivo deception platform is designed for the shared security model and uses deception techniques to provide real-time visibility into inside-the-data-center threats that have bypassed other security measures.

Detect and Quarantine threats in the OpenStack SDDC

OpenStack integration provides organizations with efficient and effective detection of inside-the-network threats for virtualized software-defined data centers (SDDC).

  • Security group policies can be set to enable the automatic quarantine of infected VMs.
  • Containing an attacker prevents them from moving to other VMs to maintain persistence.

Deception for ICS-SCADA Network Protection

With SCADA systems becoming increasingly vulnerable to sophisticated and persistent hackers, air-gap and prevention-only security solutions are not able to offer the reliable protection needed to defend against a cyber attack. An effective strategy to secure your SCADA network is to take a defense-in-depth approach that includes prevention solutions and deception technology for inside-the-network threat detection.

First Deception-based Threat Detection Platform for Internet of Things (IoT)

IoT networks bring in a diverse range of connected devices and can introduce multiple points of vulnerability in the network. The Attivo Networks Deception Platform is designed to detect cyber attackers regardless of whether the attack is a targeted, stolen-credential, ransomware, or insider threat. Customers can configure the Attivo Deception Platform to look identical to the IoT systems in their networks based on XMPP, CoAP, MQTT, HL7 and DICOM-based PACS servers.


Point-Of-Sale Attack Systems

The Role of Early Detection for Breach Prevention

Point-of-Sale System Attacks researches the environment of Point-of-Sale (POS) device vulnerabilities and articulates how POS attacks happen, the anatomy of a POS attack, and how deception can play a powerful role in protecting against cyber-attacks. More than just analyzing the environment, Point-of-Sale System Attacks analyzes three separate case studies on potential attacks on large, regional, and mid-size organizations while providing unique insight on the best practices for organizations to protect themselves against POS attacks.

Distributed Deception Platforms for Automated Incident Handling

ThreatOps™ accelerates incident handling by automatically correlating attack information within one dashboard to score and create playbooks.

  • Incident scoring and playbooks for repeatable processes
  • Automatic quarantine and attack blocking with 3rd party integrations
  • Threat hunting through Attivo and NAC integration