INTELLIGENT BRANDS // Enterprise Security
Attivo Networks makes deception
technology deceptively simple
Attivo Networks, a leader in deception
for cybersecurity threat detection,
has announced new advanced
capabilities that use Machine Learning to
automatically generate and deploy the most
authentic deception that covers an extensive
set of attack vectors at scale.
This product release lowers the total cost of
ownership by completely automating the
deployment and maintenance of the most
authentic and comprehensive deception
environment. It accomplishes all of this
transparently and without adding any agents
to the production environment.
This is a new generation of the
ThreatDefend platform that extends a
customer’s ability to ubiquitously cover its
on-premise, remote and cloud operations
in a simple and consistent manner. It is
the latest in deception technology and
completely integrates into any customer’s
security workflow.
“To successfully outmanoeuvre attackers,
deception solutions need to be dynamic,
authentic and enticing to an adversary,”
said Ray Kafity, Vice President, Middle East,
Turkey and Africa at Attivo Networks. “By
leveraging Machine Learning capabilities,
Attivo Networks makes it easier than ever to
deploy, manage and operate deception by
automating the creation and deployment
of decoys and lures. This maintains the
credibility of the environment, effectively
reducing dwell time and accelerating
incident response.”
The overall management of deception
boils down to three critical components:
automatic deception generation,
deployment and maintenance. The
original use of honeypots and early forms
of deception credential management
were either plagued with scalability and
management challenges or compromised
authenticity for ease of use. Customers no
longer need to compromise.
Product enhancements are:
1. Generate deceptions: Machine
Learning is used to learn the assets,
applications and device profiles and
automatically generate a matching
deception environment. This
technology can distinguish between
IoT devices, SCADA environments and
enterprise networks, as well as between
different credential naming conventions
2. Intelligent and agentless
deployment: As deception
continuously learns the environment,
the technology matches network
behaviour, mimics devices and deploys
deceptive credentials and assets that
are mirror-match authentic. Deception
campaigns can be automatically
deployed and/or can be reviewed and
executed at the push of a button
• The Attivo Networks agentless
endpoint credential technology
provides an extensive offering of
deception breadcrumbs and
non-invasive decoys without the need for
additional CPU or traditional software
infrastructure management
• The company’s ThreatDirect
deception solution family projects
deception at scale throughout
the network without the need for
additional hardware or infrastructure,
making it extremely effective for
deploying deception in cloud, remote
offices/branch offices or
micro-segmented networks
3. Continuous operation: Every aspect
of the deception environment is
monitored to determine when the
solution should deploy updates, refresh
credentials and deploy new deception
decoys. Additionally, Attivo deception
dynamically expands the deception
surface upon suspicion of foul play and,
following any attack, deploys new
deception to automatically refresh the
deception environment. This prevents
‘fingerprinting’ by attackers who would
then know what to avoid
Ultimately, behavioural deception based upon
Machine Learning means that all deception
elements can blend seamlessly into the
environment and become indistinguishable
from production assets; that deceptive
environments can continuously evolve and
scale and that attackers cannot defeat the
deception by profiling.
Ray Kafity, Vice President, Middle East,
Turkey and Africa at Attivo Networks
INTELLIGENTCIO