Attivo Networks is an award-winning provider of deception for in-network threat detection, attack forensic analysis, and continuous threat response.
Stop attackers in their tracks with the real-time detection of threats that have bypassed prevention security systems.
The Attivo Networks ThreatMatrix Deception and Response Platform changes the balance of power with sophisticated deception technology that deceives an attacker into revealing themselves.
Detailed attack analysis and forensics accelerate incident response and provide protection against future cyber attacks.
(A brief introduction to deception technology and the Attivo Networks ThreatMatrix Deception and Response Platform. Courtesy of Attivo Networks and YouTube)
Critical infrastructure protection currently follows the NIST Cyber Security Framework and Presidential Policy Directive PPD-21.
- Decoys appear identical to production assets, luring attackers into revealing themselves.
- Decoy configurations run real Linux, Mac, and Windows OS and are customizable to match the “golden image” of the production environment.
- Deception lures (bait) redirect attackers trying to infect endpoints and servers/VMs to engagement servers for detection.
- Bait includes deception credentials, ransomware bait, and other deception lures.
(Learn More about Attivo Networks and deception technology from AFCEA West 2017. Courtesy of Attivo Networks and YouTube)
Attivo Networks ThreatMatrix Platform Achieves Common Criteria EAL2+ Certification
The ThreatMatrix Platform, which comprises Attivo BOTsink engagement servers, decoys, and deceptions, a Multi-Correlation Detection Engine (MCDE), the ThreatStrike endpoint deception suite, and the Attivo Central Manager (ACM), has earned Common Criteria Evaluation Assurance Level 2+ (EAL2+) certification, according to Norwegian CCRA member SERTIT.
Common Criteria is an internationally recognized standard which defines a framework for evaluating the security of IT products.
US government organizations, international government entities from 27 different countries, and many global Fortune 500 corporations require Common Criteria certification to aid in the evaluation of IT products for their infrastructures and often require contractors to uphold the standard as well.
The certification requires developer testing, vulnerability analysis, product lifecycle management process assessment, and independent testing based on detailed Target of Evaluation (TOE) specifications.
The evaluation determined that the Attivo ThreatMatrix system configured to include BOTsink, ThreatStrike and Central Management solutions meets the security criteria defined in the Security Target, which specifies EAL2+.
“We are extremely pleased that the Attivo deception platform has received this critical certification because it provides validation to both corporate and government agency prospects that the solution has stood up against extremely stringent testing,” says Tushar Kothari, CEO of Attivo Networks.
“Attivo is the only company in this category to receive this certification, right when the need for detection technology is greater than ever and attackers continue to relentlessly demonstrate their ability to breach traditional security systems.”
“We are pleased to have the opportunity to work with the emerging technologies offered by Attivo Networks to perform Common Criteria evaluation and FIPS 140-2 testing of the Attivo Networks’ products,” said Eugene Polulyakh, General Manager at Advanced Data Security, an accredited FIPS and Common Criteria testing laboratory located in San Jose, California.
“The FIPS 140-2 and Common Criteria testing and evaluation process includes analysis of the security architecture, vulnerability analysis, and penetration testing of the products, as well as analysis of the cryptographic algorithms implemented by the products to test for compliance with advanced cryptographic standards.
The Common Criteria certification of the Attivo Networks’ solution is a significant accomplishment that highlights Attivo Networks’ commitment to offer secure and reliable products.”
The ThreatMatrix deception solution is designed for efficiency and frictionless deployment.
- The solution is not in-line, so it doesn’t require process changes or network redesign to install.
- Organizations can be up and running deception in under an hour and can make their entire network a ubiquitous trap for cyber attackers.
- Attivo deception is exceptionally comprehensive and authentic, running real operating systems and with full golden image customization to the production environment.
- Dynamic deception techniques and sophisticated deception lures deceive an attacker into engaging regardless of whether the threat vector is a zero-day, stolen credential, ransomware, MITM or insider attack.
- The platform seamlessly scales to support user networks, datacenters, cloud, ICS-SCADA, and IoT environments and provides a centralized threat management console.
- Detection is based on deception rather than database lookup or pattern matching, eliminating the need to cull through logs and deal with false-positive alerts.
- Attivo alerts are engagement-based and substantiated with attack details, which simplify incident response and negate the need for additional resources to operate the solution and respond to an incident.
- Attivo provides its own sandboxing technology that analyzes and provides forensic reporting of each attack.
- Full TTP information, infected IP addresses, signatures and other attack details required to isolate and block an attacker are immediately provided, dramatically accelerating incident response and automating response actions with firewalls, NACs, and SIEMs per an organization’s preference.
- Customers regularly cite the time savings of the ThreatMatrix analysis engine, which automates the analysis and reporting of advanced malware and suspicious phishing emails.
- ThreatPath™ attack prevention reporting provides continuous visibility into a company’s vulnerabilities and weak links by highlighting attack path risks based on misconfigurations or credentials on non-designated computers, by showing the infected endpoints, and automating trouble ticket requests for systems needing remediation.
- Deception is a game changer in both its high efficacy and its efficiency to operate and, most impressively, comes at a cost that doesn’t break the bank.
(DJ Goldsworthy, Senior Manager of Threat and Vulnerability Management at Aflac, Inc., shares how deception has helped Aflac, Inc. significantly improve their threat detection abilities while providing zero false positives. Courtesy of Attivo Networks and YouTube)
Attivo Networks® is the leader in deception technology for real-time detection, analysis, and accelerated response to advanced, credential, insider, and ransomware cyber-attacks.
The Attivo ThreatMatrix™ Deception and Response Platform accurately detects advanced in-network threats and provides scalable continuous threat management for user networks, data centers, cloud, IoT, ICS-SCADA, and POS environments.
Attivo ThreatMatrix in 2017 ‘ASTORS’ Homeland Security Awards Program
The 2017 ‘ASTORS’ Homeland Security Awards Program is organized to recognize the most distinguished vendors of Physical, IT, Port Security, Law Enforcement, and First Responders (Fire, EMT, Military, Support Services Vets, SBA, Medical Tech), as well as the Federal, State, County and Municipal Government Agencies, and to acknowledge their outstanding efforts to ‘Keep our Nation Secure, One City at a Time.’
As an ‘ASTORS’ competitor, the Attivo ThreatMatrix will be competing against the industry’s leading providers of innovative critical infrastructure protection solutions and intrusion detection.
Good luck to Attivo ThreatMatrix on becoming a Winner of the 2017 American Security Today’s Homeland Security Awards Program!
To learn more about ThreatMatrix and Attivo Networks’ wide range of offerings, please visit the company’s website at https://attivonetworks.com/