industry unlocked what the attacker does usually and what is the purpose of compromising and penetrating networks all across the world. We understood the motives of why hackers do it and we also understood what they do in a typical network to reach their objective. We’ve applied Artificial Intelligence and Machine Learning in a solution that fools the attacker inside the network.

We can plant up to 384 different decoy servers or decoy assets. The beauty of those decoy assets, from an Attivo point of view, is that it’s a virtual machine that we plant inside the real IP address and the attacker does not distinguish it from the real server because we try to build decoy servers and this is where Artificial Intelligence comes in.

We learn what is the typology of the network and basis of the operating systems and we build decoy servers that are almost identical to the one next to it (the real one), so the attacker does not think that he has fallen into a trap.

www.intelligentciso.com | Issue 07

We plant our servers in unpublished IP addresses – as soon as the attacker does lateral movement in an unpublished IP they are guilty by association because there is no need for anybody to come and touch it.

Therefore, once they do this they are actually captured because this IP address is mapped all the way up to the Attivo appliance which sits inside the network. That is how we capture the attacker inside our network and we now take over dealing with him but he doesn’t know that. We are watching all his moves and recording it in a forensic file.

What are the main benefits the ministry can get from the ThreatDefend Platform?

Dynamic, real-time threat detection and accelerated and orchestrated incident response. The emphasis is on early detection and also accelerated and orchestrated response with the whole eco-system that the company or organisation has.