Attivo

Deception Technology for Early and Accurate Threat Detection

Optec partners with Attivo for its innovative approach to visibility and detection of human and automated attackers. Extremely simple to deploy, manage, and scale, the ThreatDefend solution comprehensively covers on-premises, cloud, remote, and specialized environments.

Overview

Attivo deception provides immediate value through “eyes inside the network” visibility and accurate detection alerting based on decoy engagement or attempts to use deception credentials, most notably early in the attack cycle.

For years, attackers have successfully used deception tactics for breaching networks. They masquerade as legitimate employees, using stolen credentials and deceptive measures to infiltrate a network, all while remaining undetected for lengthy dwell times. Security teams are challenged in that they have to be successful 100% of the time, whereas an attacker only has to get lucky once. It’s now time to turn the tables on attackers and use deception against them. Outwitting an adversary is rarely accomplished without a balance of defensive and offensive measures.

Deception brings the offense into the realm of cybersecurity with the ability to deceive and misdirect an attacker into revealing themselves, all without the false-positive alert fatigue and operational overhead associated with traditional detection methods. Attivo stands apart in that the company uniquely empowers organizations with capabilities they cannot achieve with other security controls: the capacity to outmaneuver the attacker, force them to execute flawlessly, and ultimately derail their efforts using their beloved approach of deception.

How Deception Works

Deception works by using deceptive traps and lures designed to draw an attacker into engaging and away from production assets. Decoys are projected throughout the network along with endpoint credentials, mapped shares, deception data, or applications that will breadcrumb the attacker back to an engagement server, which will alert on the presence of an attacker.

Deception Architecture

Believability is critical to enticing the attacker, and as such Attivo Networks uses real operating systems, services, and applications that mirror the production environment. Golden image software can also be used for 100% matching. Integration with Active Directory will also validate deception credentials for authenticity.

Deception Within The Security Control Stack

Deception technology provides the “eyes within the network” visibility to threats that have bypassed perimeter defenses. By laying a maze of decoys, lures, and misdirections, security teams can accurately and efficiently detect early reconnaissance, lateral movement, and credential theft, improving detection time and reducing attacker dwell time.

COMPREHENSIVE DECEPTION COVERAGE

Network

High interaction, authentic decoys designed to attract attackers during reconnaissance and lateral movement, whether on-premises or in the cloud.

Endpoint

Credentials, user data, and mapped shares attract and breadcrumb attackers into the deception environment, quickly revealing attacks on endpoints.

Applications

Create deception environments that appear as production applications such as SWIFT, web services, print services, cloud storage buckets, serverless functions, or container apps.

Data

Plant deceptive files, cloud access tokens, or other data elements to gain a better understanding of areas being targeted for theft and geolocation services.

Want to talk to Optec about how Attivo could help your company?