Ray Kafity, Vice President,
META, Attivo Networks
industry unlocked
Traditional cyberdefences still have their part
to play in the battle against cybercriminals,
but as attackers' techniques become ever more
sophisticated, an increasing number of
organisations are putting their trust in
Deception Technology. The Ministry of Energy,
Industry and Mineral Resources in Saudi Arabia
is leveraging Attivo’s ThreatDefend Deception
and Response Platform to ensure early detection
of threats and flush out the bad actors.
With breaches continuing to hit organisations at
unprecedented levels, new approaches to uphold
cybersecurity are heavily in demand. Traditional
prevention-based security solutions are no longer
seen as the only weapons with which enterprises
can arm themselves.
For instance, more organisations are putting
their faith in Deception Technology, which
sets a series of traps that force the attacker
to reveal their identity, stopping them dead in
their tracks. One such deception
solution is Attivo’s ThreatDefend Deception and
Response Platform, which is being leveraged
by the Ministry of Energy, Industry and Mineral
Resources in Saudi Arabia.
The sector has been heavily hit by
cybercriminals intent on exploiting its wealth
by any means possible, but platforms such as
ThreatDefend are being utilised to up the game
against the bad actors.
The platform is recognised for its
comprehensive network and endpoint-based
deception, which turns user networks, data
centres, cloud, remote offices and even
specialty environments such as IoT, ICS-SCADA,
point-of-sale, telecom and network
infrastructure systems into traps and a ‘hall of
mirrors’ environment that will confuse, misdirect
and lead the attackers to reveal their identity.
The solution is designed for continuous threat
management, which starts with deception-based
detection of in-network threats and adds in
automated attack analysis, forensic reporting
and third-party integrations (Firewall,
NAC, end-point, SIEM) to accelerate
incident response (block, quarantine,
threat hunt).
Visibility tools empower organisations to
proactively strengthen overall security
defences by showing exposed attack
paths and attacker movement in a
time-lapsed replay.
The platform comprises Attivo
BOTsink engagement servers, decoys,
deceptions, the Multi-Correlation
Detection Engine (MCDE), the
ThreatStrike end-point deception suite,
the Attivo Central Manager (ACM),
ThreatPath and ThreatOps.
Together, the product suite creates
a comprehensive early detection
and continuous threat management
defence against advanced threat actors.
Intelligent CIO spoke to both the vendor
and end-user to find out exactly how the
platform is being leveraged.
Here we speak to RAY KAFITY,
Vice President, META, Attivo
Networks, to find out more about
his company’s solution.
Can you explain how deception
fools the cybercriminal?
The way we have done it is we’ve taken
human behaviour, we have understood
Issue 07 | www.intelligentciso.com