Page 19 - Cyber Defense eMagazine - December 2017

provides a globally scalable security control for early threat detection and accelerated incident response against attackers.

Detection Time (Dt)


Dynamic traps and lures essentially turn the network attack surface into a “hall of mirrors”, altering an attacker’s reality and increasing their costs as they are forced to decipher what is real versus fake. The solution operates differently than IDS or other database lookup or pattern matching solutions. It isn’t reliant on known signatures, nor does it require time to learn or “get good” to add value. Endpoint deceptions also serve to close the gap on credential-based detection and ransomware attacks by planting deception drives to misdirect the attacker to a deception server and keep them distracted while security teams are afforded the time to respond.


Key to early detection is the authenticity and attractiveness of the deception to the attacker. The Attivo deception decoys are built for the highest authenticity with real operating systems, a wide variety of application and data deceptions, along with the ability to run the same “golden image” software as production assets. The Attivo solution is designed for the evolving attack landscape, as you never know which point of entry an attacker will take.


The ThreatDefend™ platform has been proven at scale in global installations that include deployments in user networks, data centers, cloud, remote office, and in specialized environments such as POS, ICS-SCADA, IOT, SWIFT, telecommunications, and network infrastructure devices. Deception is notably designed to work throughout the phases of the Kill Chain and detect regardless of attack vector. Setting in-network traps and endpoint lures works to attract and detect the attacker during reconnaissance and lateral movement, when harvesting credentials for reuse, when conducting man-in-the-middle attacks, or when attempting to compromise an Active Directory server. The combination of network and endpoint deceptions detects attacks early and efficiently throughout the entire network.




Copyright © 2017, Cyber Defense Magazine, All rights reserved worldwide.