Attivo Networks ambushes attackers at the endpoint
Attivo Networks, an award-winning leader in deception for cybersecurity threat detection, has announced new capabilities within its ThreatDefend Detection Platform that aim to anticipate the methods an attacker will use to break out from an infected endpoint and ambush its every move. This unique approach to detection specifically focuses on reducing the time an attacker can remain undetected and the amount of effort required for an organisation to restore environments to normal operations. The new Endpoint Detection Net offering will also serve as a powerful protection force-multiplier for businesses using endpoint protection (EPP) and endpoint detection and response (EDR) solutions by closing detection gaps and facilitating automated incident response.
Protecting endpoints and preventing the spread of infected systems is a critical concern for organisations of all sizes, with research revealing that attackers can move off of an initially compromised system in 4.5 hours, on average. Further, new research shows that the average dwell time – the time it takes to detect attackers operating within an enterprise network – increased an average of 10 days in 2019, from 85 to 95 days, highlighting the escalating requirement to secure endpoints and prevent an adversary from establishing a foothold. As a result, CISOs and security managers are increasing their spending and allocating budget for network detection and response tools, staff skills training and endpoint detection and response solutions.
“Endpoints are the new battleground, and well-orchestrated detection and response capabilities are an organisation’s greatest weapon against attackers,” said Ray Kafity, Vice President of META at Attivo Networks. “The new Endpoint Detection Net offering provides organisations of all sizes an efficient and effective way to derail an attacker’s lateral movement before they can establish a foothold or cause material harm.”
The Attivo Endpoint Detection Net product tackles endpoint security challenges head-on by making every endpoint a decoy designed to disrupt an attacker’s ability to break out and further infiltrate the network. It does this without requiring agents on the endpoint or causing disruption to regular network operations. The company used historical attack data and the MITRE ATT&CK framework to understand the various methods attackers use to spread laterally from an endpoint, and then created a comprehensive solution designed to stop them.
The Endpoint Detection Net solution elevates security control by accurately raising alerts and taking proactive measures to derail attackers. These capabilities include early attack detection based on:
• Unauthorised Active Directory queries from an endpoint
• Theft of local credentials
• Attempts to compromise file servers by moving to mapped shares
• Network reconnaissance to find production assets and available services
• Man-in-the-middle attacks where attackers try to steal credentials in transit
• Identifying the available attack paths that an attacker would take to move about the network
intelligent NETWORK SECURITY | www.intelligentciso.com | Issue 27 | 59