What Drives Attivo Deception Technology Adoption?
Unlike other security solutions, Attivo focuses on detecting the threats that have bypassed perimeter security controls, which all determined attackers eventually do. Highly authentic deception traps, along with data, application, and credential lures are deployed to attract an attacker into engaging and revealing their presence. This is quick, efficient, and customers have cited being able to detect and respond to threats in 15 minutes, a dramatic difference compared to the 100+ days of dwell time that many organizations contend with. The solution also adds continuous detection value throughout the phases of the kill chain.
Additionally, innovation continues to outpace security, as evidenced by IoT devices outnumbering humans and cloud deployments winning on economics over security. Industrial control and medical device technologies are now being connected to the internet with high vulnerability profiles and inadequate security controls, presenting a tremendous risk to human safety. Deception technology provides continuous visibility into security control efficacy from legacy environments to the most modern attack surfaces. Lures will entice, and decoys will alert on attackers targeting these devices, mitigating risk within these inherently less secure environments.
Prior investments made for in-network threat detection have been historically low, driven by detection technologies that generated false alarms or were limited to only detecting known attacks. Attivo brings forward a different approach to detection, which provides tremendous value based on its ability to accurately detect threats, raise only high- fidelity substantiated alerts, and provide native integrations for automated incident response.
Deception technology provides organizations the ability to create a proactive defense against the adversary. This includes setting decoy landmines lying in wait for the attacker, proactive luring for revealing in-network attackers, and the ability to collect rich adversary intelligence that can be used to verify eradication of threats, mitigation of returning perpetrators, and fortifying overall defenses. DecoyDocs can also be insightful for understanding what an attacker is targeting and the geolocation of opened documents.
Attivo commercial-grade deception has removed prior scalability and operational management barriers that had limited the adoption of earlier deception technologies. The company’s use of machine self-learning automates the preparation, deployment, and ongoing maintenance of the deception environment and the solution’s flexible architecture makes deploying across datacenters, cloud, user networks, remote locations, and specialized networks quick and easy. It is now so simple that customers report that it takes less than 5% of one FTE’s time to manage the Attivo deception platform. It is notable that Gartner is recommending deception technology as a top 10 strategic technology trend for 2018 and views Attivo Networks as a market leader with the most mature and comprehensive portfolio.
Attivo ThreatDefend™ Deception and Response Solution:
The ThreatDefend™ Platform provides a powerful security control for early threat detection and for applying a proactive defense that can be used to change the asymmetry of an attack. As the most comprehensive and scalable platform on the market, Attivo dynamic traps, bait, and lures provide threat deception for today’s evolving attack surfaces including networks, cloud, data centers, remote offices, and specialized environments such as IoT, medical IoT, ICS-SCADA, POS, infrastructure, and telecommunications. By creating attractive and believable decoys, the solution turns the network into a virtual “hall of mirrors,” that disrupts an attacker’s reality and imposes increased cost as they are forced to decipher real from fake. One small mistake will reveal the attacker’s presence and force them to start over or abandon their efforts altogether. The ThreatDefend architectural approach also removes the debate of whether deception is best suited at the endpoint or within the network by providing both. Deployment at the endpoint and at the network level provides early and accurate detection of attacks from all threat vectors including reconnaissance, credential theft, Active Directory, and complex man-in-the-middle attacks. The company has also pioneered machine self-learning which automates the preparation, deployment, and maintenance of the deception environment. Ease of management combined with actionable high-fidelity alerts makes the ThreatDefend solution simple for organizations of all sizes to operate, without the need for adding incremental resources.
Attivo ThreatDefend Solution Differentiation
Unlike traditional detection offerings, the ThreatDefend platform doesn’t stop with detection alerts and goes further to provide organizations with tools for an Active Defense. Organizations also gain attacker threat intelligence for simplified incident response, threat hunting, and returning adversary risk mitigation. The ThreatDefend high-interaction attack analysis engine automatically correlates information, generates
incident tracking reports along with an insight into attack path and lateral movement. The collection of attacker TTPs, IOCs, and counterintelligence deliver invaluable intel into attacker capabilities, goals, and the information they are seeking to exfiltrate, which can be applied to stop perpetrators and to fortify defenses. The platform’s extensive native 3rd- party integrations automate the sharing of IOC information, accelerate incident handling, and create repeatable incident response playbooks for efficiency in threat remediation.
Throughout history, deception has been used in military warfare, sports, and gambling to outsmart adversaries. Attivo Networks is now successfully applying threat deception in cybersecurity and empowering organizations of all sizes and industries to gain the upper hand against attackers. Please visit www.attivonetworks. com for more information or read the company blogs here.