Attivo ThreatDefend Competes in the 2017 ‘ASTORS’ Awards (Multi-Video)

These outline the steps needed for analysis, assessment, indicators, warning, and response.

Attivo Networks assessed these frameworks and designed its ThreatDefend Deception and Response platform to empower organizations with continuous threat management as defined in these models.

Attivo ThreatDefend Analysis and Assessment

• The Attivo solution provides attack path vulnerability assessment of the network based on exposed and orphaned credentials and other vulnerabilities that create on-ramps for an attacker.
• Additionally, topographical maps of the network provide visibility to assets as they are come on and off of the network.
• Maps can also show attack time-lapsed replay so that organizations can understand and analyze the lateral movement of an attack.

Attivo ThreatDefend Indicators and Warning

In this day and age, where we are heavily reliant ICS, real-time situational awareness is critical.

• An increasing amount of proactive government practitioners and organizations are connecting sensor-based data and operational infrastructure to enable real-time intelligence.
• These both come with their own sets of security risks.
• ICS often operates on older unpatchable systems where there is a lack of security standards, common passwords are often used and the concept of a true ”air gap” is fading rapidly in a connected world.

Ultimately, attackers can and will bypass perimeter security and get inside the network.

The BOTsink deception servers are designed to provide early warning to attackers in-the-network by setting traps that appear as production assets.

• These decoys run the same protocols as ICS and IOT devices for authenticity and are designed to deceive and misdirect the attack into engaging and revealing their presence.

Attivo ThreatDefend Response

• As the attacker engages with the deception environment, the BOTsink multi-correlation engine analyzes the attack and creates the forensic reporting for the incident.
• This attack information will then create evidence-based alerts and be viewable in a threat intelligence dashboard, in which double click actions can be taken through 3rd party integrations to block and quarantine attackers.
• Companies and agencies can then create repeatable playbooks based on information that they would like shared with their firewalls, endpoint, NAC, and SIEM solutions, so that their security policies can automatically be applied.

• Decoys appear identical to production assets, luring attackers into revealing themselves.
• Decoy configurations run real Linux, Mac, and Windows OS and are customizable to match the “golden image” of the production environment.
• Deception lures (bait) redirect attackers trying to infect endpoints, servers/VMs to engagement servers for detection.
• Bait includes deception credentials, ransomware bait, and other deception lures.

Attivo Networks ThreatDefend Platform Achieves Common Criteria EAL2+ Certification

Common Criteria is an internationally recognized standard which defines a framework for evaluating the security of IT products.

US government organizations, international government entities from 27 different countries, and many global Fortune 500 corporations require Common Criteria certification to aid in the evaluation of IT products for their infrastructures and often require contractors to uphold the standard as well.

The certification requires developer testing, vulnerability analysis, product lifecycle management process assessment, and independent testing based on detailed Target of Evaluation (TOE) specifications.

“We are extremely pleased that the Attivo deception platform has received this critical certification because it provides validation to both corporate and government agency prospects that the solution has stood up against extremely stringent testing,” says Tushar Kothari, CEO of Attivo Networks.

“Attivo is the only company in this category to receive this certification, right when the need for detection technology is greater than ever and attackers continue to relentlessly demonstrate their ability to breach traditional security systems.”

Attivo ThreatDefend at a Glance

The ThreatDefend deception solution is designed for efficiency and friction-less deployment.

• The solution is not in-line, so it doesn’t require process changes or network redesign to install.
  • Organizations can be up and running deception in under an hour and can make their entire network a ubiquitous trap for cyber attackers.
• Attivo deception is exceptionally comprehensive and authentic, running real operating systems and with full golden image customization to the production environment.
  • Dynamic deception techniques and sophisticated deception lures deceive an attacker into engaging regardless of whether the threat vector is a zero day, stolen credential, ransomware, MiTM or insider attack.

• The platform seamlessly scales to support user networks, datacenters, cloud, ICS-SCADA, IOT environments and provides a centralized threat management console.
• Detection is based on deception vs. database lookup or pattern matching, eliminating the need to cull through logs and deal with false-positive alerts.
  • Attivo alerts are engagement-based and substantiated with attack details, which simplify incident response and negate the need for additional resources to operate the solution and respond to an incident.
• Attivo provides its own sandboxing technology that analyzes and provides forensic reporting of each attack.
  • Full TTP information, infected IP addresses, signatures and other attack detail required to isolate and block an attacker are immediately provided, dramatically accelerating incident response and automating response actions with firewalls, NACs, SIEMs per an organization’s preference.
  • Customers regularly cite the time savings of the ThreatDefend analysis engine, which automates the analysis and reporting of advanced malware and suspicious phishing emails.
• ThreatPath™ attack prevention reporting provides continuous visibility into a company’s vulnerabilities and weak links by highlighting attack path risks based on misconfigurations or credentials on non-designated computers, by showing the infected endpoints, and automating trouble ticket requests for systems needing remediation.
• Deception is a game changer in both its high efficacy and in efficiency to operate and most impressively at a cost that doesn’t break the bank.