OVERVIEW

Reducing Cybersecurity Risk

As businesses adapt to technology changes, compliance requirements, and evolving security challenges, they are turning to the ThreatDefend Platform to enhance their cyber-risk mitigation strategies.  The platform aligns to several well-known security frameworks such as the NIST Cybersecurity Framework, the MITRE ATT&CK framework, and ISO 27001/27002.  It provides ongoing reliability assessments of both security tools and processes, and aids in providing metrics for accountability and acting on or assessing a business’s risk management program.  With its ability to defend legacy systems and devices with limited built-in security as well as its ability to cover the expanding attack surface, the ThreatDefend platform reduces cybersecurity risk across the organization.

Risk Reduction

Cyber-Risk Mitigation

Organizations are modernizing their approach to the ever-evolving information security landscape. This requires implementing security programs differently, moving beyond IT risk management and shifting the focus to digital risk management. Rather than merely protecting an asset, server, or endpoint, they are enabling new services for competitive advantage in the marketplace, cost reduction, and reducing overall business risk. Digital risk management models are evolving to address new attack surfaces, limitations in built-in device security, as well as business models that grant deeper access to insiders, suppliers, and contractors.

Deception technology plays a critical role in an organization’s ability to adapt to these changes by aligning to how a company can manage their risk tolerance levels, assessment, architectures and systems. It also aids in providing metrics for accountability and acting on or assessing achievement of a business’s risk management program. The ability to deliver fast and accurate notifications of malicious activity as well as policy violations and misconfigurations by threat actors with inside access allows organizations to better manage and reduce risks to the business.

Security Framework Alignment

Organizations must have the necessary metrics to baseline and measure the efficacy of their risk reduction programs. When deception is incorporated into an organization’s risk reduction strategy, it can aid in measuring the reliability of security controls and deviations from acceptable risk policies.

Organizations rely on security frameworks like NIST, MITRE, ISO, or industry-specific models such as PCI-DSS or HIPAA for setting acceptable operating practice. Each framework varies in approach but are all useful in defining how an organization is to behave, implement, integrate, manage, report and generally measure adherence to the controls being identified.

The ThreatDefend platform supports a wide variety of standard security frameworks.  For example, it aligns to over 30 framework subcategories of the NIST Cybersecurity Framework s and has a direct and measurable impact in improving an organization’s security posture.  It plays a similar role with the ISO Cybersecurity Framework, where it aligns to over 25 control requirements, and the MITRE ATT&CK framework, where it can detect across nearly all attack technique categories.

Ongoing Assessments

As the threat landscape changes, organizations must assess the effectiveness of their security programs.  The ThreatDefend platform plays a critical role in an organization’s ability to adapt to the changing threat landscape by providing ongoing reliability assessments of both security tools and processes.  By providing detection and insight into how and when an attacker bypasses a security control, it empowers the organization by identify gaps in coverage or capability to improve their defenses.

With ThreatPath, security teams can identify and mitigate exposures from stored credentials and misconfigurations that allow attackers to laterally move between systems and infiltrate deeper into the network.  The visual replay capability provides session-based timelines of attacker activity that show how and when attackers bypassed controls so the defenders can add measures to compensate for the coverage gaps.  With the network visibility the platform provides, security teams gain awareness of device adds and changes in near real time so they can adjust security controls or identify potential issues.  The included CVE Simulator gives the organization the ability to appear vulnerable to specific attacks to assess whether attackers are actively targeting them.  Together, these capabilities act as tools for the organization to actively assess and improve security.

Pen Testing and Red Teaming

Penetration Testing and Red or Purple Teaming are essential to evaluate an organization’s security posture.  Organizations will conduct a pen test or Red Team exercise to meet regulatory demands, customer requirements, or to validate systems and processes.  They receive a report that outlines findings and evaluations, but may not have all the information they need to improve their security controls or processes for the greatest benefit.

The ThreatDefend platform is a powerful tool during ongoing security control assessments, especially when coinciding with a Red Team, Purple Team, or Penetration Test.  The platform immediately identifies when the Red Team or pen tester successfully bypasses a security control and engages with the deception environment.  It can also assess process effectiveness by providing metrics on how effective the security team and existing controls are responding to such events.  With the visibility and forensic evidence the deception platform provides, the organization can identify what security controls and processes need improvement and coverage gaps to address.  Given its ability to validate the resiliency of networks and efficacy of security controls and processes, the ThreatDefend platform is a valuable means of measuring and improving overall security.

Legacy/Device Security

The explosive growth of interconnected devices into production and Internet-accessible environments has altered the threat landscape.  IoT devices, SCADA systems, POS terminals, Telecom, and Medical devices all present increased security challenges.  With older or stripped-down operating systems, the lack of built-in security controls, end-of-life patch cycles, or the inability to run antivirus or malware programs, even specialized devices with limited computing power are inviting targets to threat actors looking to use them as entry points or collectively for a more substantial attack.  Even systems fresh from the factory can present a risk as attackers compromise supply chains to infect them with malware preloaded during manufacturing or in transit.

By introducing deception into these specialized environments, defenders efficiently identify attackers and divert them from their actual targets.  The ThreatDefend platform can defend these specialized devices, whether they are legacy infrastructure with no available patches, or modern internet connected devices.  It can provide deception for individual devices, at the Human-Machine Interface, or at the supervisory control level.  The platform provides visibility, detection, and misdirection in Operational Technology networks to identify malicious activity.  It creates authentic-looking decoys for individual devices or their control infrastructure to present inviting targets for attackers to engage.  The platform gives tools for organizations to mitigate security risks associated with the limitations of many of these specialized devices to reduce overall risk to the environment.

BENEFITS

Organizations choose Attivo Networks Deception Technology risk reduction because:

Reporting and recording of incidents

Closing gaps related to security frameworks

Ongoing visibility into security control reliability

Reduce risks related to deploying

Reduce risks related deploying new programs and services

Mitigate Risk

Mitigate risks associated with shared security models in the cloud

Increased preparedness

Increased preparedness to maintain compliance and certifications

"Risk mitigation for less secure environments

Risk mitigation for less secure environments such as ICS/SCADA, IoT, Medical IoT, and more

Find out how deception can help you reduce your risk.