Attivo Networks adds response capabilities to deception deployments

With its Deception and Response Platform, Attivo Networks addresses the main weakness of most deception technology: having to rely on other programs to respond to an attack once it is revealed by the deception network.


Deception technology, deploying fake assets inside real networks to trick and catch attackers, shows an incredible amount of promise within cybersecurity as the technology grows. Even as hackers learn to expect that deception assets will be hidden among their targets, deception tools seem more than capable of keeping one step ahead. So long as the deceptive assets are supported with lures and breadcrumbs on production systems to make them look real, attackers will inevitably wander into the traps and reveal themselves.

However, not everything is perfect in the world of deception. Most of the programs in the market today, while very good at alerting to the presence of an attacker, do nothing in terms of remediation of the problem, other than perhaps to offload that responsibility to another program or to humans working a network SIEM module. In many ways, they end up being like the dog chasing cars in that old story, putting a ton of effort into catching their quarry, but almost no thought into what to do once they have successfully latched on.

The Attivo Deception and Response Platform aims to change all that, adding native and even automatic response capabilities to its already powerful deception frontend. This is coupled with other powerful tools and applications like internal sandboxing, ransomware protection, user training and even phishing sample submissions, all supported by robust, accurate deception.

Deploying Attivo

The Attivo platform is divided into four components: BOTsink, ThreatStrike, ThreatPath and ThreatOPs. Together they form the complete detection and response capabilities, starting with deploying decoys and making them look like real clients, protecting credentials and preventing ransomware outbreaks, plotting the attack paths of attackers and blocking them from reentering a network once purged, and tracking everything in a ticketing system suitable for confirmation checking or auditing. But it all starts with deploying deception.
