Intelligent CISO Issue 07 | Page 44

Ray Kafity, Vice President, META, Attivo Networks

industry unlocked

Traditional cyberdefences still have their part to play in the battle against cybercriminals but as their techniques become ever more sophisticated an increasing number of organisations are putting their trust into Deception Technology. The Ministry of Energy, Industry and Mineral Resources in Saudi Arabia is leveraging Attivo’s ThreatDefend Deception and Response Platform to ensure early detection of threats and flush out the bad actors.

With breaches continuing to hit organisations at unprecedented levels, new approaches to uphold cybersecurity are heavily in demand. Traditional prevention-based security solutions are no longer seen as the only weapons with which enterprises can arm themselves. For instance, more organisations are putting their faith in Deception Technology, which sets a series of traps that force the attacker to reveal their identity, stopping them dead in their tracks.

One such deception solution is Attivo’s ThreatDefend Deception and Response Platform, which is being leveraged by the Ministry of Energy, Industry and Mineral Resources in Saudi Arabia. The sector has been heavily hit by cybercriminals intent on exploiting its wealth by any means possible, but platforms such as ThreatDefend are being utilised to up the game against the bad actors.

The platform is recognised for its comprehensive network and endpoint-based deception, which turns user networks, data centres, cloud, remote offices and even specialty environments such as IOT, ICS-SCADA, point-of-sale, telecom and network infrastructure systems into traps and a ‘hall of mirrors’ environment that will confuse, misdirect and lead the attackers to reveal their identity.
The solution is designed for continuous threat management, which starts with deception-based detection of in-network threats and adds in automated attack analysis, forensic reporting and third-party integrations (Firewall, NAC, end-point, SIEM) to accelerate incident response (block, quarantine, threat hunt). Visibility tools empower organisations to proactively strengthen overall security defences by showing exposed attack paths and attacker movement in a time-lapsed replay.

The platform comprises Attivo BOTsink engagement servers, decoys, deceptions, the Multi-Correlation Detection Engine (MCDE), the ThreatStrike end-point deception suite, the Attivo Central Manager (ACM), ThreatPath and ThreatOps. Together, the product suite creates a comprehensive early detection and continuous threat management defence against advanced threat actors.

Intelligent CIO spoke to both the vendor and end-user to find out exactly how the platform is being leveraged. Here we speak to RAY KAFITY, Vice President, META, Attivo Networks, to find out more about his company’s solution.

Can you explain how deception fools the cybercriminal?

The way we have done it is we’ve taken human behaviour, we have understood