Adaptive Deception Delivers Ops Agility to Outmaneuver Attackers

Attivo Networks
Maintaining decoy, credential, and deception object authenticity and attractiveness is core to the efficacy and manageability of deception-based threat detection. Attivo Networks provides a variety of deployment options and approaches to keep the deception environment fresh.

Attivo Networks, the leader in deception solutions for cybersecurity defense, and a Finalist in the 2017 ‘ASTORS’ Awards, announces its Adaptive Deception Campaigns, which use machine learning to create and automate the deployment of campaigns that bolster deceptions to address the evolving threat landscape and ever-changing attack surface.

Adaptive campaigns are unique among security controls in that they change the asymmetry of attacks with their ability to change the network “game board” automatically or on demand based on suspicion that an attack is underway.

This new power to reset deception throughout global networks at whim gives security teams the offensive control to force the attacker to start over, make a mistake, give up, or incur increased time and costs in their attempt to breach the network.

Dr. Edward G. Amoroso, CEO, TAG Cyber LLC

“Even if the attacker is close to checkmate, this reset will cause immediate uncertainty and dramatically increase the likelihood that their next move will be a mistake,” said Ed Amoroso, CEO, TAG Cyber LLC.

“Regardless of whether they proceed as planned with attack, their chance of error dramatically increases.”

“Plus, with the ability for dynamic deception to fire up new decoys where there is suspicious activity, the attacker’s odds of success continue to plummet.”

The threat canvas is constantly changing with more sophisticated human attackers and machine automated attacks designed to exploit company security weaknesses and prey on human error.

Earlier this year, Attivo released its Camouflage framework, which set the foundation for applying machine learning to its deception synthetic network.

Deception networks are commonly referred to as synthetic because they mimic production assets and appear as real assets, credentials or other target bait in order to obfuscate the attack surface.

Dynamic deception makes these decoys high-interaction with real operating systems and “golden image” software (same images as production units) so that they blend in and are indistinguishable to the attacker.

This is a vast improvement over early-generation deception, which used emulated images based on low interaction and, as such, was often easily detected.

In its latest software release, Attivo took the Camouflage framework to the next level and applied the discovery and learning of the environment to now be able to auto-propose deception campaigns for simplifying the deployment and update of its network decoys, credential lures, and deception objects.

Tushar Kothari, CEO of Attivo Networks

“It is not enough to only think like an attacker, one must know how to defend against them,” said Tushar Kothari, CEO of Attivo Networks.

“Attivo continues to pioneer new ground for global scalability and deception technology advancements that put the offensive advantage back into the hands of the security team.”

“We are exceptionally pleased with this new release as it can completely befuddle attackers and stop them in their tracks.”

Redefining scalability, the introduction of Adaptive Campaigns fully automates the deployment process, empowering organizations with the ability to periodically or on demand create and update all deception in the network.

Adaptive Campaigns deliver an uncomplicated approach to rolling out and inserting highly attractive deception in the same networks as production assets, at the click of a button.

Additionally, if it is believed an attack is underway, the ability to completely reset the deception environment can be an instrumental offensive measure to gain the upper hand.

Whether the attacker is gathering information or attempting to harvest credentials, an environment reset will create uncertainty for the attacker, escalate the chances of them making a mistake, and increase their costs as they are forced to restart or abandon their attack.


Security teams can embrace the automation benefits of Adaptive Deception Campaigns confidently because the Attivo deception architecture is not inline and doesn’t require agents on the endpoints; as such, its changes will not impact other network operations.

Attivo Adaptive Deception Campaigns provide breakthrough scalability, which is critical for large network deployment and for instantly resetting the attack surface to stop an attacker from successfully completing a breach.

With this new functionality, Attivo customers gain the power to non-disruptively discover the production environment, quickly roll out a new deception layer, reset the user “synthetic” network on demand, and redistribute cloud or data center decoys or distributed specialized systems such as point-of-sale (POS) networks, industrial control systems (ICS-SCADA), or Internet of Things (IoT) assets.

Deception-based detection technology changes the game on attackers.

Taking a page out of military operations, Attivo applies deception-based decoy and attacker luring technologies within the network to deceive and misdirect attackers into revealing themselves.

Deception presents a unique opportunity to change the asymmetric war against cyber attackers, altering their reality and imposing increased cost as they are forced to decipher what is real and what is fake.

It is a rare opportunity to exploit the trust that attackers have, slow their attack, and turn the tide against them.

Enrique Salem, managing director, Bain Capital Ventures

“Attivo’s innovation is impressive and strengthens not only in-network detection but also serves to strengthen a company’s edge defense,” added Enrique Salem, managing director of Bain Capital Ventures.

“Since our initial investment in Attivo in 2015, we continue to see the company chart new territory in deception use cases and in the value it presents to customers.”

“Today we’re particularly excited about Attivo’s creation of deception technology for counterintelligence, opening new opportunities for the government to combat targeted attacks.”

One of the greatest challenges faced by computer security professionals is the inability to detect early credential theft and lateral movement within the computer system or network, reflecting an overreliance on their perimeter defenses.

This failing is why attackers are able to remain undetected for extended periods of time and disappear into the litany of alerts practitioners receive.

Due to this crucial issue, a 2016 Ponemon Institute study found that organizations on average took more than six months to identify a security breach, as well as an additional 66 days to contain the breach after discovery.

Chris Bishko, partner, Omidyar Technology Ventures

This lack of detection resulted in 1,935 successful breaches in 2016, according to the Verizon DBIR report.

“Traditional security detection technologies must parse through oceans of data in hope of identifying suspicious activity,” noted Chris Bishko, partner, Omidyar Technology Ventures.

“This exercise is akin to looking for a needle in a haystack.”

“Attivo’s deception solutions address the shortcomings of this paradigm.”

“Deception ‘tripwires’ are placed pervasively throughout the network, alerting on attacker engagement, and reducing the risk of incursions remaining undetected for extended periods, as seen in essentially all recent high-profile breaches.”

Attivo Networks Deception: Award-Winning Technology

Attivo Networks deception is designed for an evolving landscape of threats and attack surfaces.

Deception efficiently sets traps, lures, and high-interaction attacker engagement that attracts and misdirects, regardless of whether the attackers are human (advanced persistent threat (APT), insiders, third party) or automated (malware, scripts, bots).

The attacker movement, tools, techniques, and methods can then be analyzed and shared with existing security controls to isolate infected systems, block the attack, and threat hunt for further infections.

With this information, enterprise security staffers can quickly identify the attacker and prevent the threat from executing their mission.

Deception as an efficient approach to in-network detection has been widely recognized by analysts, with Neil MacDonald from Gartner, Inc. recommending it as a 2017 top 10 cybersecurity initiative.

In addition, Attivo Networks has received 19 awards from cybersecurity publications in 2017 alone so far.

It has also attracted positive coverage from a number of technology analyst firms, including Gartner Inc. (Cool Vendor 2016), 451 Research, Frost and Sullivan, TAG Cyber, Ovum, and Information Security Group (ISG).

Attivo ThreatDefend Response

  • As the attacker engages with the deception environment, the BOTsink multi-correlation engine analyzes the attack and creates the forensic reporting for the incident.
  • This attack information then creates evidence-based alerts and is viewable in a threat intelligence dashboard, in which double-click actions can be taken through third-party integrations to block and quarantine attackers.
  • Companies and agencies can then create repeatable playbooks based on information that they would like shared with their firewalls, endpoint, NAC, and SIEM solutions, so that their security policies can automatically be applied.
Attivo Deception for Threat Detection

In ICS environments, where human lives and safety can be quickly at risk, it is not enough to simply think like an attacker and know how they get in.

One must think like a responder and have deep expertise in detecting and defending against these attackers.

Attivo engineers have applied their extensive expertise in intrusion detection and protection and have designed the ThreatDefend-BOTsink solution for optimal efficiency for ICS network threat detection and accelerated incident response.

With Attivo deception, the game has changed: attackers must now be right 100% of the time or be caught, and when they are caught, organizations are equipped to quickly and efficiently respond to them.

Attivo Networks a Finalist in 2017 ‘ASTORS’ Homeland Security Awards Program

The 2017 ‘ASTORS’ Homeland Security Awards Program is organized to recognize the most distinguished vendors of Physical, IT, Port Security, Law Enforcement, First Responders (Fire, EMT, Military, Support Services Vets, SBA, Medical Tech) as well as the Federal, State, County and Municipal Government Agencies – to acknowledge their outstanding efforts to ‘Keep our Nation Secure, One City at a Time.’

As an ‘ASTORS’ competitor, Attivo is competing against the industry’s leading providers of Innovative IT Intrusion Detection & Prevention Solutions, Integrated Security Management and Critical Infrastructure Protection Programs.

American Security Today will be holding the 2017 ‘ASTORS’ Awards Presentation Luncheon from 12:00 p.m. to 2:00 p.m., Wednesday, November 15th at ISC East, the Northeast’s largest security industry event, in the Jacob Javits Exhibition Center in New York City.

At ISC East you will have the chance to meet with technical reps from over 225 leading brands in the security industry, allowing you to find out about new products and stay ahead of the competition.

Encompassing everything from Video Surveillance and Access Control to Smart Home Technologies and Unmanned Security, you’re sure to find products and services that will benefit your company and clients.

To register for the ‘ASTORS’ Awards Presentation Luncheon at ISC East, in the Jacob Javits Exhibition Center from 12:00pm – 2:00pm, click on the banner below, or go to

Good luck to Attivo ThreatDefend on becoming a Winner of the 2017 American Security Today’s Homeland Security Awards Program!

To learn more about ThreatDefend and Attivo Networks’ wide range of offerings, please visit the company’s website at