Guest Editorial by Carolyn Crandall, Chief Deception Officer at Attivo Networks, a Returning Premier Sponsor for 2020 ‘ASTORS’ Awards
Cybercrime is always evolving, and as technology becomes more advanced, so too do the tactics employed by cybercriminals around the globe.
Today’s attackers often carry out attacks with the help of artificial intelligence and machine learning technology, which can enhance both their sophistication and speed.
Fortunately, cybercriminals are not the only ones utilizing automated processes.
As attacks have grown in complexity, the need for defenders to employ effective automation has also increased, and cybersecurity teams have sought to respond accordingly by investing in tools that help eliminate the manual work associated with incident detection, analysis, and response.
Automated Threat Detection Tools
There has been a significant increase in security tools that have incorporated automation to try to identify attacks.
Many of these use various levels of artificial intelligence to pattern match or attempt to detect anomalous behavior.
This capability can be useful in accelerating detection, but many security teams find this approach challenging because it requires a baseline, time to tune, and ongoing refinement.
Throughout this process, the number of false positives generated can negate much of the operational efficiencies gained.
Alternatively, security teams have realized efficiency gains in the use of machine learning for automating the deployment of security solutions.
An example of this is with deception technology, where the solution self-learns the environment and then automatically proposes the decoy configurations and credentials so that the deceptions match production assets and users.
This automatic configuration both shortens the time to deploy and eliminates mistakes during customization.
(Threat Detection is a universal challenge for organizations of all sizes and from all industries. Traditional security controls are failing and the cybersecurity community needs a new approach for detecting threats early and accurately. Briefly explore how deception technology is solving organizations’ threat detection challenges through the narrative of our wolf-in-sheep’s-clothing. Courtesy of Attivo Networks and YouTube. Posted on Mar 18, 2020.)
Augmenting Detection Tools with Automatic Response Capabilities
Reducing dwell time—the amount of time between when intruders enter the network and when the organization detects them—limits the potential damage an attacker can cause.
Unfortunately, most of today’s detection tools will simply alert on a live attack.
Because they don’t have a way to engage the adversary, they can only gather limited information about the attacker.
InfoSec teams must then conduct manual investigations to gain actionable adversary intelligence and correlate attack data for triage.
These investigations take time, as those involved will need to research various logs and tools to find additional indicators of compromise (IoCs) and to gather more information to identify the origin and extent of the attack.
There are considerable benefits organizations can gain by gathering information about an attack as it occurs.
Charting the attack path and point of origin provides valuable information, as does determining the tools the attacker is using to gain insight into their targets and intent.
Correlating this information from the attack as well as gathering information from the point of compromise can require considerable time and effort when done manually.
Fortunately, there are now in-network security controls capable of performing this function automatically, providing defenders with a high-fidelity alert as well as verified, high-quality information that allows them to respond to an incident more quickly and effectively.
One approach to gathering and correlating this information is through the use of Security Information and Event Management (SIEM), which can work well when log data is available, and the system is appropriately tuned.
Endpoint Detection and Response (EDR) solutions can also help in providing endpoint forensics and other telemetry information.
Their ability to isolate an infected system will also mitigate the spread of an attack.
(Hear from Carolyn Crandall and Tony Cole on Attivo Networks’ newest product Endpoint Detection Net, which tackles endpoint security challenges head-on by making every endpoint a decoy designed to disrupt an attacker’s ability to break out and further infiltrate the network. Courtesy of Attivo Networks and YouTube. Posted on Feb 28, 2020.)
Another preferred control is deception technology because it identifies TTPs, IoCs, and other forensic information that security teams can use to automate both the analysis and the correlation of attack data.
Additionally, deception can automate incident response actions, such as isolating an infected endpoint or blocking the affected network segment through built-in integrations with existing security controls.
Security teams can also gain operational efficiencies by automatically sharing attack data with their SIEM, EDR, and other controls to accelerate threat hunting and containment.
Automation requires accuracy and confidence in the alert
Substantiated alerts are a critical aspect of automated tools.
Security teams hesitate to automate responses because many detection tools suffer from low signal-to-noise ratios.
They cannot risk business disruption because of a false positive alert.
By relying on tools with substantiated alerts, defenders can be more confident automating responses with less additional investigation time.
Defenders can even go one step further, using IoCs gathered from the initial alert to identify other victims of the attack.
Many organizations are turning to Security Orchestration, Automation and Response (SOAR) platforms to maximize information sharing and response automation.
SOAR platforms are similar to SIEMs but include workflow automation to enable information exchange and playbook execution.
These workflows can include sharing information with firewalls, EDR solutions, Network Access Controls (NACs), SIEMs, and others.
This level of automation can help reduce information sharing time and the potential for human error while resulting in significant improvements to both attack recognition and response time.
It is notable that at the Gartner 2019 Security Summits, Gorka Sadowski, Senior Director Analyst, highlighted the use case of deception in SOAR platforms, driven by the fidelity of the alerts and the readiness for automation.
Prompt Remediation and the Restoral of Services are Critical
Detecting, responding to, and quickly recovering from an incident are critical for ensuring uninterrupted business operations.
Adding automation can be extremely valuable for reducing the time needed to detect and resolve alerts, creating a framework for consistent and repeatable processes, optimizing the utilization of resources, and reducing the need for human intervention.
It also comes with the benefit of unifying security tools and workflow operations.
Given the increased use of automation and AI by attackers, it is a critical time to invest in automation for streamlining detection, analysis, and incident response workflows and for seeking efficiency improvements in overall security operations.
About the Author
Carolyn Crandall has over 25 years of experience in building emerging technology markets in security, networking, and storage industries.
In her current role at Attivo Networks, she focuses on educating organizations on how to build deception-based visibility and defense programs that are designed to reduce cyber risk across today’s expanding attack surfaces and tactics used by advanced cyber criminals.
She is an active speaker, blogger, and byline contributor with a focus on cybersecurity innovation and information technology challenges.
Ms. Crandall was also recognized as the recipient of CEO Magazine’s 2019 Business Women of the Year Award, awarded exclusively to a group of C-suite women that have been influential in elevating their business to the next level whilst also promoting equality for all women within the sector and beyond.
Attivo Networks Returns as Premier Sponsor for 2020 ‘ASTORS’ Security Awards Program
AST focuses on Homeland Security and Public Safety Breaking News, the Newest Initiatives and Hottest Technologies in Physical & IT Security, essential to meeting today’s growing security challenges.
The 2020 ‘ASTORS’ Homeland Security Awards Program is organized to recognize the most distinguished vendors of Physical, IT, Port Security, Law Enforcement, Border Security, First Responders (Fire, EMT, Military, Support Services Vets, SBA, Medical Tech) as well as the Federal, State, County and Municipal Government Agencies – to acknowledge their outstanding efforts to ‘Keep our Nation Secure, One City at a Time.’
As an ‘ASTORS’ competitor, Data Theorem will be competing against the industry’s leading providers of Innovative Application Security Solutions.
Enter today to Compete in the 2020 ‘ASTORS’ Homeland Security Awards at https://americansecuritytoday.com/ast-awards/.
The Annual ‘ASTORS’ Awards Program is specifically designed to honor distinguished government and vendor solutions that deliver enhanced value, benefit and intelligence to end users in a variety of government, homeland security and public safety vertical markets.
American Security Today is pleased to announce that Deanne Criswell, the NYC Emergency Management Commissioner, will deliver the keynote address at the 2020 ‘ASTORS’ Awards Presentation Luncheon Banquet in New York City.
The Annual ‘ASTORS’ Awards is the preeminent U.S. Homeland Security Awards Program highlighting the most cutting-edge and forward-thinking security solutions coming onto the market today, to ensure our readers have the information they need to stay ahead of the competition, and keep our Nation safe – one facility, street, and city at a time.
90% of ‘ASTORS’ Award Winners return to compete in the Annual ‘ASTORS’ Homeland Security Awards Program, and 100% of ‘ASTORS’ Sponsors have returned year to year to reap the benefits of their participation in the industry’s largest and most comprehensive Annual Awards Program.
Nominations are now being accepted for the 2020 ‘ASTORS’ Homeland Security Awards at https://americansecuritytoday.com/ast-awards/.
Comprehensive List of Categories Include:
Access Control/ Identification | Personal/Protective Equipment | Law Enforcement Counter Terrorism |
Perimeter Barrier/ Deterrent System | Interagency Interdiction Operation | Cloud Computing/Storage Solution |
Facial/IRIS Recognition | Body Worn Video Product | Cyber Security |
Video Surveillance/VMS | Mobile Technology | Anti-Malware |
Audio Analytics | Disaster Preparedness | ID Management |
Thermal/Infrared Camera | Mass Notification System | Fire & Safety |
Metal/Weapon Detection | Rescue Operations | Critical Infrastructure |
License Plate Recognition | Detection Products | And Many Others! |
Don’t see a Direct Hit for your Product, Agency or Organization?
With the unprecedented occurrence of the COVID-19 pandemic, the safety and security industries have realized the need to increase innovations to address the daily growing challenges.
As such, AST aims to make sure these firms and professionals are reflected in the 2020 ‘ASTORS’ Awards Program, so we’d like to encourage you to submit appropriate category recommendations and include COVID-19 Frontline Professionals in your Nominations to see that these Professionals, Facilities, and Vendors receive the Recognition they Deserve!
Submit your category recommendation for consideration to Michael Madsen, AST Publisher at: mmadsen@americansecuritytoday.com.
The 2019 ‘ASTORS’ Awards Program surpassed expectations with a record number of nominations received from industry leaders and government agencies, and drew over 200 attendees to the ‘ASTORS’ Awards Presentation Banquet – an exclusive gourmet luncheon and networking opportunity which filled to capacity, before having to turn away late registrants.
Why the ‘ASTORS’ Homeland Security Awards Program?
Commissioner Bratton, one of the world’s most respected and trusted experts on risk and security issues and Executive Chairman of Teneo Risk, a global advisory firm, was recognized as the ‘2019 ‘ASTORS’ Person of the Year’ for his Lifetime of Dedication and Extraordinary Leadership in Homeland Security and Public Safety.
The event featured an impassioned and compelling keynote address by William J. Bratton, former police commissioner of the New York Police Department (NYPD) twice, the Boston Police Department (BPD), and former chief of the Los Angeles Police Department (LAPD), as he walked attendees through 50 years of American policing history, the impacts on the communities, and the evolution of critical communication capabilities in our post 9/11 landscape.
American Security Today’s comprehensive Annual Homeland Security Awards Program is organized to recognize the most distinguished vendors of physical, IT, port security, law enforcement, and first responders, in acknowledgment of their outstanding efforts to ‘Keep our Nation Secure, One City at a Time.’
Over 200 distinguished guests representing Federal, State and Local Governments, and Industry Leading Corporate Firms, gathered from across North America, Europe and the Middle East to be honored among their peers in their respective fields which included:
- The Drug Enforcement Administration (DEA)
- National Center for Missing and Exploited Children (NCMEC)
- United States Marine Corps
- The Federal Protective Service (FPS)
- Argonne National Laboratory (ANL)
- United States Postal Inspection Service
- DHS S&T
- United States Marshals Service (USMS)
- The Port Authority of New York & New Jersey Police (PAPD)
- The Department of Justice (DOJ)
- The New York State Division of Homeland Security & Emergency Services (NYS DHSES)
- United States Border Patrol
- AlertMedia, Ameristar Perimeter Security, Attivo Networks, Automatic Systems, Bellevue University, BriefCam, Canon U.S.A., CornellCookson, Drone Aviation, FLIR Systems, Hanwha Techwin, HID Global, IPVideo Corp., Konica Minolta Business Solutions, LenelS2, ManTech, Regroup Mass Notifications, SafeLogic, SolarWinds, Senstar, ShotSpotter, Smiths Detection, TCOM LP, Trackforce, Verint, and More!
Why American Security Today?
The traditional security marketplace has long been covered by a host of publications putting forward the old school basics to what is Today – a fast changing security landscape.
American Security Today is uniquely focused on the broader Homeland Security & Public Safety marketplace with over 75,000 readers at the Federal, State and local levels of government as well as firms allied to government.
American Security Today brings forward a fresh compelling look and read with our customized digital publications that hold readers’ eyes throughout the story with cutting edge editorial that provides solutions to their challenges.
Harness the Power of the Web – with our 100% Mobile Friendly Publications
The AST Digital Publications are distributed to over 75,000 qualified government and homeland security professionals at federal, state and local levels.
‘PROTECTING OUR NATION, ONE CITY AT A TIME’
AST Reaches both Private & Public Experts, essential to meeting these new challenges.
Today’s new generation of public safety and security experts need real-time knowledge to deal with domestic and international terrorism, lone wolf attacks, unprecedented urban violence, shifts in society, culture and media bias – making it increasingly difficult for Homeland Security, Law Enforcement, First Responders, Military and Private Security Professionals to implement coordinated security measures to ensure national security and improve public safety.
These experts are from Government at the federal, state and local level as well as from private firms allied to government.
AST provides a full plate of topics in our AST Monthly Magazine Editions, AST Website and AST Daily News Alerts, covering 23 Vital Sectors such as Access Control, Perimeter Protection, Video Surveillance/Analytics, Airport Security, Border Security, CBRNE Detection, Border Security, Ports, Cybersecurity, Networking Security, Encryption, Law Enforcement, First Responders, Campus Security, Security Services, Corporate Facilities, and Emergency Response among others.
AST has Expanded readership into integral Critical Infrastructure audiences such as Protection of Nuclear Facilities, Water Plants & Dams, Bridges & Tunnels, and other potential targets of terrorism.
Other areas of concern include Transportation Hubs, Public Assemblies, Government Facilities, Sporting & Concert Stadiums, our Nation’s Schools & Universities, and Commercial Business Destinations – all enticing targets due to the large number of persons and resources clustered together.
To learn more about the 2019 ‘ASTORS’ Homeland Security Award Winners solutions, please go to the 2019 ‘ASTORS’ Championship Edition Fully Interactive Magazine – the Best Products of 2019 ‘A Year in Review’.
The ‘ASTORS’ Champion Edition is published annually and includes a review of the ‘ASTORS’ Award Winning products and programs, highlighting key details on many of the winning firms’ products and services, and includes video interviews and more.
It is your Go-To source throughout the year for ‘The Best of 2019 Products and Services’ endorsed by American Security Today, and can satisfy your agency’s and organization’s most pressing Homeland Security and Public Safety needs.
From Physical Security (Access Control, Critical Infrastructure, Perimeter Protection and Video Surveillance Cameras and Video Management Systems), to IT Security (Cybersecurity, Encryption, Data Storage, Anti-Malware and Networking Security – Just to name a few), the 2019 ‘ASTORS’ CHAMPIONS EDITION will have what you need to Detect, Delay, Respond to, and Mitigate today’s real-time threats in our constantly evolving security landscape.
It also includes featured guest editorial pieces from some of the security industry’s most respected leaders, and recognized firms in the 2019 ‘ASTORS’ Awards Program.
Attivo Networks Takes Platinum in 2019 ‘ASTORS’ Awards Program
Attivo Networks
- Best Cyber Security Solution: ThreatDefend™ Deception and Response Platform
(See a brief introduction to deception technology and the Attivo Networks ThreatDefend Deception and Response Platform. Courtesy of Attivo Networks and YouTube.)
- Best ICS/SCADA Cyber Security Solution: ThreatDefend™ Deception and Response Platform
- Best IT Intrusion Detection & Prevention Solution: ThreatDefend™ Deception and Response Platform
The ThreatDefend Deception Platform is a modular solution comprised of Attivo BOTsink® engagement servers, decoys, and deceptions, the ThreatStrike™ endpoint deception suite, ThreatPath™ for attack path visibility, ThreatOps™ incident response orchestration playbooks, and the Attivo Central Manager (ACM), which together create a comprehensive early detection and active defense against cyber threats.
*Attivo Networks is also a Returning Premier Sponsor of the 2019 ‘ASTORS’ Homeland Security Awards Program, and a Multiple Awards Winner in the 2018 and 2017 ‘ASTORS’ Awards Programs.
Attivo Networks®, the leader in deception technology, provides an active defense for early detection, forensics, and automated incident response to in-network attacks.
The Attivo ThreatDefend® Deception Platform provides a comprehensive and customer-proven platform for proactive security and accurate threat detection within user networks, data centers, clouds, and a wide variety of specialized attack surfaces.
The portfolio includes extensive network, endpoint, application, and data deceptions designed to misdirect and reveal attacks efficiently from all threat vectors.
Advanced machine-learning makes preparation, deployment, and operations fast and simple to operate for organizations of all sizes.
Comprehensive attack analysis and forensics provide actionable alerts and native integrations that automate the blocking, quarantine, and threat hunting of attacks for accelerated incident response.
To Learn More, please visit www.attivonetworks.com.
For information about advertising opportunities with American Security Today, please contact Michael Madsen, AST Publisher at mmadsen@americansecuritytoday.com.
AST strives to meet a 3 STAR trustworthiness rating, based on the following criteria:
- Provides named sources
- Reported by more than one notable outlet
- Includes supporting video, direct statements, or photos