INTELLIGENT BRANDS // Enterprise Security
Attivo Networks announces endpoint capabilities that catch attackers at ‘hello’

Attivo Networks, an award-winning leader in cyber deception and attacker lateral movement threat detection, has introduced new capabilities to its Endpoint Detection Net (EDN) solution that prevent attackers from fingerprinting an endpoint to identify security weaknesses and from conducting reconnaissance.

Attackers use fingerprinting to identify targets, decide which vulnerabilities to exploit and determine how to successfully interact with them. Unlike traditional security solutions, these new capabilities proactively redirect suspicious endpoint inbound or outbound traffic to decoys for attacker engagement.

The new EDN Deflect functionality provides alerts to unauthorized host and service scanning, which is critical because other security controls typically do not generate an alert for these types of activities.

Attempts by attackers to fingerprint an endpoint are regularly missed due to the complexity of tracking, analyzing and alerting on all of an endpoint’s communications traffic. These new deflection capabilities efficiently and accurately detect network and application fingerprinting as well as lateral movement, closing one more attack vector that threat actors are increasingly leveraging.

When attackers successfully breach an endpoint and get a foothold inside a network (known as ‘breakout time’ and estimated to average just under nine hours) they spread to other systems by probing for open ports and fingerprinting network services. Furthermore, research shows that only 4% of reconnaissance activity generates an alert, and security controls miss 54% of techniques used to test lateral movement detection. The EDN solution, with its new Deflect function, identifies these connection and reconnaissance attempts and isolates the attacker by redirecting them to decoys for engagement, without interfering with production services or ports.

“The EDN Deflect feature increases the resistance in the network by preventing an attacker from moving laterally and fingerprinting network and application services,” said Venu Vissamsetty, Vice President of Security Research, Attivo Networks. “By detecting unauthorized ingress and egress connections both at the source and at the destination, security defenders gain real time visibility along with conclusive detection alerts.”

Attackers fingerprint target hosts by probing for open ports they can attack (HTTP/HTTPS, remote desktop, SSH, MSSQL, etc.), and then either run exploits against their vulnerabilities or find misconfigurations or weak passwords to compromise them. The Attivo Deflect function gives power back to the defender by:
• Redirecting attackers scanning closed ports on protected hosts to decoys for engagement
• Redirecting failed outbound connections from protected endpoints to decoys for engagement
• Making every endpoint a trap and preventing fingerprinting of network services
• Providing real time visibility and conclusive detection into every attack before it moves off an endpoint
• Providing active detection and prevention capabilities at both the source and destination
• Isolating and investigating suspicious endpoints without external tools
INTELLIGENTCIO
www.intelligentcio.com