CASE STUDY
With breaches continuing to hit
organisations at unprecedented
levels, new approaches to
uphold cybersecurity are heavily in
demand. Traditional prevention-based
security solutions are no longer seen as
the only weapons enterprises can arm
themselves with.
For instance, more organisations are putting
their faith in deception technology, which
sets a series of traps that force the attacker to
reveal their identity, stopping them dead in
their tracks. One such deception
solution is Attivo’s ThreatDefend Deception
and Response Platform, which is being
leveraged by the Ministry of Energy, Industry
and Mineral Resources in Saudi Arabia.
The sector has been heavily hit by
cybercriminals intent on exploiting its wealth
by any means possible, but platforms such
as ThreatDefend are being utilised to up the
game against the bad actors.
The platform is recognised for its
comprehensive network and endpoint-based
deception, which turns user networks, data
centres, cloud, remote offices and even
specialty environments such as IoT,
ICS-SCADA, point-of-sale, telecom and network
infrastructure systems into traps and a ‘hall
of mirrors’ environment that will confuse,
misdirect and lead the attackers to reveal
their identity.
The solution is designed for continuous
threat management, which starts with
deception-based detection of in-network
threats and adds in automated attack
analysis, forensic reporting and third-party
integrations (Firewall, NAC, end-point,
SIEM) to accelerate incident response
(block, quarantine, threat hunt). Visibility
tools empower organisations to proactively
strengthen overall security defences by
showing exposed attack paths and attacker
movement in a time-lapsed replay.
The platform comprises Attivo BOTsink
engagement servers, decoys, deceptions, the
Multi-Correlation Detection Engine (MCDE),
the ThreatStrike end-point deception
suite, the Attivo Central Manager (ACM),
ThreatPath and ThreatOps. Together, the
product suite creates a comprehensive
early detection and continuous threat
management defence against advanced
threat actors. Intelligent CIO spoke to both
the vendor and end-user to find out exactly
how the platform is being leveraged. Here we
speak to Ray Kafity, Vice President, META,
Attivo Networks, to find out more about his
company’s solution.
What verticals are able to use
the platform?
The solution is the Attivo ThreatDefend
Detection and Response Platform. All
www.intelligentcio.com
INTELLIGENTCIO
65