Attivo Networks: Deception-Based Cyber Security Defense

With a growing number of cyber attacks, organizations are aggressively adopting deception for threat detection technologies to provide real-time alerts of breaches and mitigate the risks associated with data and employee credential exfiltration. “Deception technology for threat detection is closing the gaps left open with traditional security solutions and filling an undisputed market need. I am passionate about creating cultures of innovation. I believe that when a group of people is empowered to think without boundaries, they can change the world,” starts Tushar Kothari, CEO at Attivo Networks. Attivo changes the landscape of cyber security defense as cyber attackers are inventive, fast, and increasingly more malicious. To successfully progress, the attacks, attackers and the automation tools rely on the responses received throughout the attack process. “Every organization concerned with protecting their most critical assets should be looking at deception technology as part of their security infrastructure,” remarks Kothari.

To help government organizations establish a defense against future attacks, Attivo has created advanced network security solutions using deception based threat detection techniques that dramatically increase the speed to which threats inside the network are uncovered. Using this dynamic deception to detect the attackers, Attivo authentically detects BOTs and APTs (Advanced Persistent Threats) inside the network, data center, and cloud before the data is breached. Leveraging high-interaction decoys and deception, Attivo’s active deception techniques are reliable and detect threat targets that exfiltrates client records and valuable business information stored in data centers, shared with other Government departments associated with Internet or web presence, HTTPS, and phishing attacks. Being an innovator in decoy technology, Attivo solution provides a robust dashboard with the forensics required to capture attacker methods, and updates preventive methods for future attacks.

Attivo authentically detects BOTs and APTs inside the network, data center, and cloud before the data is breached

To generate an attack sequence, BOTsink uses an Analyze, Monitor and Record (AMR) Engine to feed events into its patented Multi Dimensional Correlation Engine (MDCE). The MDCE captures and analyzes the BOT and APT activities and with actionable intelligence, quickly shut downs the breach.

Despite billions of dollars invested in cyber security, high-profile security breaches occurred at the Office of Personnel Management (OPM), Internal Revenue Service, State Department, and even at the White House. These attacks have occurred inspite of using $4.5 billion National Cybersecurity and Protection System (NCPS) program and the Department of Homeland Security’s (DHS) Einstein—an active prevention system that guards much of the Federal Government’s Internet traffic. As these attacks are sophisticated and customized, additional programs have been established to prevent the shared information from attackers and making them easy to detect. Driven by the failure of today’s security solutions to prevent and quickly detect breaches or future regulation, the firm aids the Government to look seriously into modern day approaches to network security that is designed to detect intrusions and those that are mounting attack on their network. The “DHS-provided information”—threat profile information created by DHS’ US-CERT from analysis of existing attacks and threats triggers alerts and traffic blocking. Attivo’s BOTsink solution opened a port to connect to the hacker’s command and control (C&C) to collect additional information, to understand the intent of the attack. This engaged attackers by hosting network services across multiple virtual machines, IP services, and subnets luring attackers into revealing themselves as soon as they start to look for high-value assets.

Further, the firm aims to introduce an upgraded management system that will give a sole view of all the Attivo devices deployed in a single business network rather than viewing one at a time. Kothari says, “Because deception technology is another layer on top of the existing network security, it is a huge opportunity for partners to bring added value to their clients.”