Guest OpEd by Tony Cole, Chief Technology Officer, Attivo Networks
With attackers increasingly targeting government agencies and contractors, a background in homeland security is a handy thing to have—and my homeland security career has more or less run the gamut.
For starters, I spent considerable time as an army cyber operator, building operations in several different areas for the military—including a stop at the Pentagon, where I first started working with cyber honeypots. In some ways, this was my introduction to the idea of “deception technology,” though deception has come a significant way from its honeypot days.
When I retired from the military, I leveraged that experience to join and help build the first commercial honeypot company, Recourse Technologies, where I stayed for a number of years after Symantec acquired it.
For a number of years at Symantec, and then at McAfee, I built up and ran the global government and critical infrastructure consulting team.
I then moved on to FireEye as their Global Government CTO, a role that involved consulting with the United States government, its allies, and their critical infrastructure companies worldwide to help them understand the digital threats they faced more thoroughly.
This also helped me better grasp the perspectives of CISOs and security teams around the globe worried about being attacked by nation-state-backed adversaries and financially motivated attackers.
This experience ultimately led me to where I am today: Chief Technology Officer of Attivo Networks, the industry expert in preventing identity privilege escalation and detecting lateral movement attacks. I was eager to return to the deception space, as well as to expand beyond it.
I hoped I could leverage my 38 years of experience to help Attivo and its customers look at things a little bit differently. Too often, defenders don’t have the requisite toolsets to identify and counter today’s most sophisticated attacks—and our goal is to change that.
Critical Homeland Security Threats Loom
Recent incidents like the Colonial Pipeline hack highlight the need for those toolsets.
These incidents have underscored the degree to which government and government-adjacent organizations remain particularly vulnerable to cyberattacks sponsored by hostile nation-states.
Countless defense contractors, energy companies, and providers of other critical services do not have the capabilities (or, often, the expertise) needed to defend themselves against sophisticated attacks.
Unfortunately, simply asking Russia, China, North Korea, and other potential aggressors to leave those organizations alone is not a viable option. Espionage has been around for centuries, and it isn’t going to stop now.
But like any large bureaucracy, change comes slowly within the government—and making even minor security architecture changes will take even longer.
To further complicate matters, for many years, there was no viable career path for cybersecurity within government, which has led to a lack of both the resources and expertise needed to solve today’s problems.
Worse still, it can be difficult for the government to hold onto expertise, as top talent tends to make its way to more profitable commercial ventures. More effective resourcing is needed, but those shifts can also take time.
Technological pitfalls are also essential to consider. Investments in operational technology (OT) are expected to be long-term investments. After all, replacing an industrial control system or air traffic management system is not as simple as swapping out laptops every two or three years.
These systems are expected to be in place for decades, which means the developer or manufacturer may never address vulnerabilities, especially since some of them may not even have a system to provide updates.
Unfortunately, adversaries will always be looking for potential openings, and the longer a device or system is in service, the greater the likelihood that an attacker will find one of these vulnerabilities.
Nation-states will not stop attacking one another—especially since the internet has made espionage both cheaper and more asymmetric. North Korea might not be able to take on the US directly, but they can level the playing field through cyber warfare.
With that in mind, the need for tools like cyber deception and identity detection and response (IDR) technology has never been greater.
Defenders, particularly those in the orbit of government and homeland security agencies, need solid in-network defenses that can identify and derail attackers as they attempt to move throughout the network—even if those attacks are using valid credentials.
The evolution of both attack tactics and the strategies needed to combat them has brought about significant changes in the cybersecurity industry.
The Evolution of Deception Technology
Even though my introduction to deception technology was via honeypots, it is essential to emphasize that deception has come a long way since then.
The misconception persists that deception technology and honeypots are interchangeable, but today’s technology cloaks the network in an entire deceptive fabric.
Attivo jumped into the space as the leader in deceiving and detecting adversaries from the network side, focused on identifying lateral movement and privilege escalation while leading adversaries into a decoy environment.
And because the attackers don’t know that the environment they find themselves in isn’t real, defenders can study their tactics as they attempt to continue their attacks. It’s safe to say that this goes much, much further than a traditional honeypot.
Over the past several years, it has been encouraging to see deception technology take a more prominent place within cybersecurity discourse.
The National Security Agency (NSA) recently released a new issue of The Next Wave, its review of emerging technologies, that focused heavily on deception.
One section, titled ‘Building the Science of Defensive Cyber Deception,’ touched on network deception and host-based deception, two of Attivo’s most critical areas of focus.
Initially focused primarily on the network side, Attivo has steadily expanded to incorporate host-based offerings, engaging and interacting directly with adversaries through tools like ADSecure.
The NSA’s decision to foreground research into deception technology is incredibly validating.
(Attacking Active Directory and obtaining domain admin-level access is one of the attackers’ primary objectives. Active Directory and Domain controllers are prime reconnaissance targets to hunt for privileged credentials and privileged access. See how Attivo Networks provides innovative solutions for assessing Active Directory cyber hygiene, identifying specific domain, computer, and user-level risks, and detecting live attacks. Courtesy of Attivo Networks and YouTube.)
And the NSA is not alone. MITRE recently released MITRE Shield, a new framework focused on active defense.
Deceptive techniques featured heavily in MITRE Shield, and we were pleased to discover that Attivo’s offerings cover 27 of the 33 defensive techniques identified by MITRE, providing an active defense for 123 of the 190 MITRE Shield use cases.
The National Institute of Standards and Technology (NIST) has issued similar praise, through a release of controls via NIST Special Publication 800-160 Vol. 2 focusing on resilient cyber systems.
The publication provides guidance for organizations seeking to detect attackers more accurately early in the attack cycle, identifying a wide range of potential security gaps that Attivo’s deception technology offerings are well-positioned to plug.
Identity Detection and Active Directory Protection
The recent ransomware wave allowed Attivo to broaden the scope of our product offerings to further empower defenders on the endpoint side of the equation.
Active Directory (AD) is a frequent target for attackers looking for ways to escalate their attacks—after all, the technology is used by over 90% of global Fortune 1,000 companies. Despite this—and despite AD’s high level of vulnerability—AD protection remains a dangerously underserved area of defense.
To combat this, Attivo developed ADSecure. When an adversary compromises an endpoint, they will look for high-value assets.
Ultimately, they want to find the most valuable data before starting to steal or encrypt anything so that they can blackmail the target more effectively. A significant percentage of attackers will query AD, and, when they do, ADSecure will provide misleading information back to them.
Because the attacker cannot be sure what is real and what isn’t, this slows their attack and gives defenders more time to detect them.
The ability to lock down attack paths has also helped defenders take a step forward.
Attivo’s ADAssessor technology does just that, enabling defenders to identify things like configuration errors and potential attack paths through AD, while also helping them clean up exposed credentials across the network environment so adversaries can’t make use of them.
Before this technology allowed defenders to automate some elements of AD protection, cleaning up AD was a time-consuming manual process.
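The following is an added example, not part of the original op-ed and not Attivo’s ADSecure or ADAssessor code, showing the basic detection principle that deception relies on: decoy accounts and hosts are seeded into the environment and never touched by anything legitimate, so any logon event that names one is a high-fidelity signal, even when the same source is otherwise authenticating with perfectly valid credentials. The decoy names, hostnames, IP addresses, the key=value log format, and the sample log lines are all constructed for this illustration.

```python
"""
Decoy-identity tripwire detector: a constructed illustration of one way
deception-based detection works, not Attivo's ADSecure/ADAssessor code.

Decoy accounts and hosts are seeded into the environment and never used by
anything legitimate, so any authentication or access that names them is a
high-fidelity signal. All principal names, hostnames, IPs and log lines
below are made up for this example.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set

# Decoy (honeytoken) identities seeded purely as tripwires (constructed names).
DECOY_ACCOUNTS: Set[str] = {"svc_backup_admin", "finance_share_ro"}
DECOY_HOSTS: Set[str] = {"FILESRV-DECOY01"}

# One event per line as key=value pairs. The format is constructed for this
# example and only loosely modelled on Windows security-log fields.
KV = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Alert:
    kind: str          # "decoy_account" or "decoy_host"
    principal: str
    source_ip: str
    target_host: str
    event_id: str
    timestamp: str


def parse_event(line: str) -> Dict[str, str]:
    """Turn a key=value log line into a dict (unknown keys are kept as-is)."""
    return dict(KV.findall(line))


def check_event(event: Dict[str, str]) -> List[Alert]:
    """Return an alert for every decoy identity or host the event touches."""
    user = event.get("user", "").lower()
    host = event.get("target_host", "").upper()
    common = (user, event.get("src_ip", "?"), host,
              event.get("event_id", "?"), event.get("ts", "?"))
    alerts: List[Alert] = []
    # Any logon attempt, successful or failed, as a decoy account is suspect:
    # the decoy's credentials only exist where an attacker would harvest them.
    if user in DECOY_ACCOUNTS:
        alerts.append(Alert("decoy_account", *common))
    # Likewise any session against a decoy host, even with valid credentials.
    if host in DECOY_HOSTS:
        alerts.append(Alert("decoy_host", *common))
    return alerts


def scan(lines: Iterable[str]) -> List[Alert]:
    """Run the tripwire check over a stream of log lines."""
    alerts: List[Alert] = []
    for line in lines:
        alerts.extend(check_event(parse_event(line)))
    return alerts


def suspicious_sources(alerts: Iterable[Alert]) -> Set[str]:
    """Source addresses that tripped at least one decoy: candidates for
    containment and for pivoting into the rest of that host's activity."""
    return {a.source_ip for a in alerts}


# Constructed sample log: 10.0.5.21 performs ordinary logons as a real user
# (jdoe) but also tries a decoy account and reaches a decoy file server.
SAMPLE_LOG = [
    "ts=2021-10-01T09:12:03Z event_id=4624 user=jdoe src_ip=10.0.5.21 target_host=WS-0042",
    "ts=2021-10-01T09:15:44Z event_id=4625 user=svc_backup_admin src_ip=10.0.5.21 target_host=DC01",
    "ts=2021-10-01T09:16:10Z event_id=4768 user=jdoe src_ip=10.0.5.21 target_host=DC01",
    "ts=2021-10-01T09:20:31Z event_id=4624 user=jdoe src_ip=10.0.5.21 target_host=FILESRV-DECOY01",
    "ts=2021-10-01T10:02:17Z event_id=4624 user=asmith src_ip=10.0.7.3 target_host=WS-0017",
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for a in found:
        print(f"[{a.kind}] {a.timestamp} event {a.event_id}: "
              f"{a.principal or '<none>'}@{a.source_ip} -> {a.target_host}")
    print("sources to investigate:", sorted(suspicious_sources(found)))
```

The point of the design is that the detector needs no behavioural baseline: the three ordinary logons from 10.0.5.21 as jdoe would pass any credential check, and only the two events that name a decoy identify that source as one to investigate. The same logic applies whatever the telemetry source, as long as the decoy identities are only ever exposed where an intruder, and not a legitimate process, would pick them up.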
(Seeing as over 90% of all Global Fortune 1000 organizations use AD to control access and deliver services, Ray Kafity, VP of Attivo Networks, shares the ‘why’ and ‘how’ on the importance of protecting Active Directory. Courtesy of Attivo Networks and YouTube.)
Given AD’s relative vulnerability and the high percentage of attacks that attempt to exploit it, ADSecure and ADAssessor have significantly boosted defenders’ ability to remain secure against today’s most advanced threats.
But it isn’t enough. Attivo has steadily grown its portfolio of products, expanding beyond the deception space and into areas like identity protection.
Gartner has estimated that “75% of security failures will result from inadequate management of identities, access, and privileges” by 2023, and helping customers avoid the dangers associated with ineffective identity management has been an essential part of Attivo’s evolution.
Our most recent offering, IDEntitleX, is designed to deliver greater visibility and reduce the attack surface for identities and entitlements in the cloud.
Today’s organizations are adopting cloud infrastructure at an incredible rate, and both human and non-human identities continue to expand rapidly. And with so many opting for a multi-cloud approach, the ability to have a unified view of identities and exposures across all environments is more critical than ever.
The 2021 Verizon DBIR reported that 61% of all breaches involve credential data, further underscoring the threat.
Advanced Detection Tools Have Become Essential
Today’s threats have grown increasingly advanced, and both government agencies and their partners find themselves in the crosshairs of dangerous and well-funded adversaries.
Today’s cybercriminals are both willing and able to move laterally throughout networks, taking their time to identify the most valuable data to steal, or the most vulnerable systems to damage.
Sometimes these attacks come in the form of ransomware, but incidents like the recent Oldsmar, FL water system hack demonstrate that they can have even more dangerous results.
The NSA, MITRE, and NIST have all recognized the value of deception, which is highly encouraging.
And as a growing number of organizations recognize the need for more effective Active Directory and identity protections, products like ADSecure, ADAssessor, and IDEntitleX are helping them detect and prevent attackers from escalating their attacks into serious breaches.
With nation-state attacks increasing and vulnerable organizations looking to shore up their networks with reliable and easy-to-use security tools, deploying in-network defenses designed to detect and derail attackers early in the attack cycle is increasingly essential.
About the Author
Tony Cole has more than 35 years’ experience in cybersecurity and today is the Chief Technology Officer at Attivo Networks responsible for strategy and vision.
Prior to joining Attivo Networks, he served in executive roles at FireEye, McAfee, Symantec, and is a retired cyber operator from the U.S. Army.
Mr. Cole previously served on the NASA Advisory Council and the (ISC)² Board of Directors as Treasurer and Chair of Audit and Risk.
Today he serves on the Gula Tech Foundation Grant Advisory Board helping the Foundation give back to the community to drive a more diverse cyber workforce.
In 2014, he received the Government Computer News Industry IT Executive of the Year award, and in 2015 he was inducted into the Wash 100 by Executive Mosaic as one of the most influential executives impacting Government.
In 2018 he was awarded the Reboot Leadership Influencer Award by SC Media.
(Sophisticated attackers are targeting credentials to escalate privileges. See how Attivo Networks provides an innovative solution that finds, cleans and monitors exposed credentials to reduce attack surfaces. Courtesy of Attivo Networks and YouTube.)
To Learn about Attivo Networks Federal solutions, please visit http://www.attivonetworks.com/government.
Attivo Networks®, the leader in identity detection and response, and Multiple 2020 ‘ASTORS’ Homeland Security Award Winner, delivers a superior defense for preventing privilege escalation and lateral movement threat activity, with customers worldwide relying on their ThreatDefend® Platform for unprecedented visibility to risks, attack surface reduction, and attack detection.
The company’s portfolio provides patented innovative defenses at critical points of attack, including at endpoints, in Active Directory, and cloud environments. Data concealment technology hides critical AD objects, data, and credentials, eliminating attacker theft and misuse, particularly useful in a Zero Trust architecture.
Bait and misdirection efficiently steer attackers away from production assets, and deception decoys obfuscate the attack surface to derail attacks.
Forensic data, automated attack analysis, and automation with third-party integrations serve to speed threat detection and streamline incident response.
To Learn More about Attivo Networks’ full portfolio of superior defense solutions for preventing privilege escalation and lateral movement threat activity, please visit attivonetworks.com.
American Security Today’s ‘ASTORS’ Homeland Security Awards program is today in its Sixth Year and continues to recognize the Outstanding Innovations of top firms and agencies in the Homeland Security and Public Safety fields.
The Annual ‘ASTORS’ Awards is the preeminent U.S. Homeland Security Awards Program highlighting the most cutting-edge and forward-thinking security solutions coming onto the market today, to ensure our readers have the information they need to stay ahead of the competition, and keep our Nation safe – one facility, street, and city at a time.
American Security Today is pleased to announce that TSA Administrator David Pekoske will join the organization as a featured speaker at the 2021 ‘ASTORS’ Homeland Security Awards Presentation Luncheon, on November 18, 2021 at ISC East in New York City.
“On the heels of an unprecedented global pandemic, continued unrest in our cities and potentially catastrophic cyberattacks on our nation’s critical infrastructure, the focus of the 2021 ‘ASTORS’ Awards Luncheon will be on the latest, state-of-the-art innovations that are driving investments in new public security and safety technologies and systems,” said AST Editorial and Managing Director Tammy Waitt.
“As a recognized expert in crisis management, strategic planning, innovation and aviation, surface transportation and maritime security, David Pekoske’s message highlighting his top priorities and challenges for the TSA based on his years of wide-ranging experience will be critical to our attendees internalizing the critical nature of these escalating challenges, and realizing innovative new approaches to meet them.”
In addition to taking Double Platinum Awards in the 2020 ‘ASTORS’ Homeland Security Awards Program for Best Intrusion Detection and Prevention Solution (Attivo Endpoint Detection Net (EDN)), and Best IT Threat Intel Solution (Attivo ThreatDefend Platform with Informer UI), Attivo Networks was also recognized with a coveted 2020 Extraordinary Leadership and Innovation Award.
2020 Extraordinary Leadership and Innovation Award
Attivo Networks has illustrated the company’s continued innovation in the field of advancing deception technology, developing advanced network security threat detection technology for deployment on premise or as a cloud service, as well as their ongoing development and investment in the ThreatDefend™ Deception & Response Platform.
*Attivo Networks is also a Returning Premier Sponsor of the 2021 ‘ASTORS’ Homeland Security Awards Program, and a Multi-Platinum Award Winner in the 2020, 2019, 2018 and 2017 ‘ASTORS’ Awards Program.
The 2021 ‘ASTORS’ Awards Program is Proudly Sponsored by AMAROK, Fortior Solutions and SIMS Software, along with Returning Premier Sponsors ATI Systems, Attivo Networks, Automatic Systems, and Reed Exhibitions.
Nominations are currently being accepted for the 2021 ‘ASTORS’ Homeland Security Awards at https://americansecuritytoday.com/ast-awards/.
| Access Control/Identification | Personal/Protective Equipment | Law Enforcement Counter Terrorism |
| Perimeter Barrier/Deterrent System | Interagency Interdiction Operation | Cloud Computing/Storage Solution |
| Facial/IRIS Recognition | Body Worn Video Product | Cyber Security |
| Video Surveillance/VMS | Mobile Technology | Anti-Malware |
| Audio Analytics | Disaster Preparedness | ID Management |
| Thermal/Infrared Camera | Mass Notification System | Fire & Safety |
| Metal/Weapon Detection | Rescue Operations | Critical Infrastructure |
| License Plate Recognition | Detection Products | COVID Innovations |
| And Many Others! | | |
Don’t see a Direct Hit for your Product, Agency or Organization?
With the unprecedented occurrence of the COVID-19 pandemic, the safety and security industries have realized the need to increase innovation to address their daily growing challenges.
As such, AST aims to make sure these firms and professionals are reflected in the 2021 ‘ASTORS’ Awards Program, so we’d like to encourage you to submit recommendations for appropriate categories and include COVID-19 Frontline Professionals in your Nominations to see that these Professionals, Facilities, and Vendors receive the Recognition they Deserve!
Submit your category recommendation for consideration to Michael Madsen, AST Publisher at: email@example.com.
Register for the 2021 ‘ASTORS’ Luncheon Today
ISC East 2021 provides you with the opportunity to interact with a broad array of security industry professionals.
ISC East works closely with other businesses in the security and public safety space to help bring together the Northeast’s largest security trade show each year.
In collaboration with premier sponsor SIA (Security Industry Association) and in partnership with ASIS NYC, ISC East is proud to work with and be supported by various associations, trade publications, charities, and more.
Therefore, the ISC audience of security dealers, installers, integrators, consultants, corporate, government and law enforcement/first responder practitioners will be joined by the ASIS NYC audience of major corporate managerial-through-director-level national and global security executives.
The combination of one-on-one conversations with the industry’s top innovators, integrators and security executives, special events, high-quality education and training, and strong support from industry associations, will allow attendees to learn and evaluate solutions from leading security exhibitors and brands.
Your ‘ASTORS’ Awards Luncheon registration includes complimentary attendee access to ISC East – Take advantage of this exclusive luncheon opportunity to take a break from the show – Invite your team, guests, clients and show visitors to a lovely and affordable plated meal event in the heart of New York City, for a fabulous networking opportunity!
Go to https://americansecuritytoday.com/product/awards-luncheon/ to secure your seat or reserve a table.
***Limited space available so Register Today. There will be no on-site registrations.
Why American Security Today?
The traditional security marketplace has long been covered by a host of publications putting forward the old school basics to what is Today – a fast changing security landscape.
American Security Today is uniquely focused on the broader Homeland Security & Public Safety marketplace with over 75,000 readers at the Federal, State and local levels of government as well as firms allied to government.
American Security Today brings forward a fresh, compelling look and read with our customized digital publications that hold readers’ eyes throughout the story with cutting-edge editorial that provides solutions to their challenges.
Harness the Power of the Web – with our 100% Mobile Friendly Publications
The AST Digital Publications are distributed to over 75,000 qualified government and homeland security professionals at the federal, state and local levels.
‘PROTECTING OUR NATION, ONE CITY AT A TIME’
AST Reaches both Private & Public Experts, essential to meeting these new challenges.
Today’s new generation of public safety and security experts need real-time knowledge to deal with domestic and international terrorism, lone wolf attacks, unprecedented urban violence, shifts in society, culture and media bias – making it increasingly difficult for Homeland Security, Law Enforcement, First Responders, Military and Private Security Professionals to implement coordinated security measures to ensure national security and improve public safety.
These experts are from Government at the federal, state and local level as well as from private firms allied to government.
AST provides a full plate of topics in our AST Monthly Magazine Editions, AST Website and AST Daily News Alerts, covering 23 Vital Sectors such as Access Control, Perimeter Protection, Video Surveillance/Analytics, Airport Security, Border Security, CBRNE Detection, Ports, Cybersecurity, Networking Security, Encryption, Law Enforcement, First Responders, Campus Security, Security Services, Corporate Facilities, and Emergency Response among others.
AST has Expanded readership into integral Critical Infrastructure audiences such as Protection of Nuclear Facilities, Water Plants & Dams, Bridges & Tunnels, and other potential targets of terrorism.
Other areas of concern include Transportation Hubs, Public Assemblies, Government Facilities, Sporting & Concert Stadiums, our Nation’s Schools & Universities, and Commercial Business Destinations – all enticing targets due to the large number of persons and resources clustered together.
To learn more about the 2020 ‘ASTORS’ Homeland Security Award Winners solutions, Check Out the New 2020 ‘ASTORS’ CHAMPIONS Edition Fully Interactive Magazine – the Best Products of 2020 ‘A Year in Review’.
The Annual CHAMPIONS edition includes a review of the ‘ASTORS’ Award Winning products and programs, highlighting key details on many of the winning firms’ products and services, and includes video interviews and more.
It is your Go-To source throughout the year for ‘The Best of 2020 Products and Services‘ endorsed by American Security Today, and can satisfy your agency’s and organization’s most pressing Homeland Security and Public Safety needs.
From Physical Security (Access Control, Critical Infrastructure, Perimeter Protection and Video Surveillance Cameras and Video Management Systems), to IT Security (Cybersecurity, Encryption, Data Storage, Anti-Malware and Networking Security – Just to name a few), the 2020 ‘ASTORS’ CHAMPIONS EDITION has what you need to Detect, Delay, Respond to, and Mitigate today’s real-time threats in our constantly evolving security landscape.
It also includes featured guest editorial pieces from some of the security industry’s most respected leaders, and recognized firms in the 2020 ‘ASTORS’ Awards Program.
For more information on All Things American Security Today, and the 2021 ‘ASTORS’ Awards Program, please contact Michael Madsen, AST Publisher at firstname.lastname@example.org.
AST strives to meet a 3 STAR trustworthiness rating, based on the following criteria:
- Provides named sources
- Reported by more than one notable outlet
- Includes supporting video, direct statements, or photos