Attivo rethinks cybersecurity
Deception technology rounds the threat response cycle
Attivo brings back an old technology, builds enhanced deception technology around it, and delivers an innovative approach to fighting cybercrime.
“Honeypot” technology was until recently too premature and primitive to be deployed in corporate enterprise networks, cloud and data centre environments. Ray Kafity, vice president, Attivo Networks Middle East, Turkey & Africa, says Attivo took that concept and, through significant reengineering, enhanced it enough to operationalise it within a corporate network environment.
The idea behind deception technology is that once the attacker is in the network, the solution will gradually lure him into engagement servers that Attivo has created as decoys, explains Kafity. Deception technology leverages attackers’ own typical post-breach methodology, which is to begin lateral movement within the network for reconnaissance, moving from one section of VLAN to another. The reconnaissance is meant to elevate the attacker’s privileges within the network by acquiring credentials, or “the keys to the safe”.
With Attivo’s solution, this movement lands the attacker in the engagement server set up by Attivo, after he has been lured there by the deceptive credentials technology. “Like laying cheese in a trap for a mouse, our solution traps the attacker and once he’s inside our engagement server, we guarantee that he does not leave our shadow/decoy network. That way, we keep the adversary away from engaging with the real assets in the network,” Kafity says.
In the meantime, Attivo will gather intelligence and alerts on the attacker’s tactics and procedures before sharing the forensics with the rest of the company’s security ecosystem, such as firewalls, SIM solutions or proxy servers, Kafity says.
Research shows a typical company takes more than 250 days before it is aware of a threat lurking inside its network. That is eight months during which a specific attack could be expropriating data on a daily basis without the user being aware of it. In such a scenario, there’s a need for effective post-breach detection and defence, Kafity says.
Attivo’s solutions are versatile, Kafity says, sitting in a private network, in the cloud or in a virtualised data centre. Kafity says the solution works on VMware, Citrix or other virtualised environments.
Attivo has signed a distribution partnership with VAD StarLink for the region.
StarLink is the ideal partner, Kafity says, in that it carries some niche security products that ultimately form a cohesive umbrella for an organisation’s security needs. “Luckily, Attivo integrates with other companies that are represented by StarLink like Blue Coat, FireEye and others. So the intelligence and forensics we have gathered once inside the network can be shared with those security control vendors,” Kafity says.