Attivo Networks ambushes attackers at the endpoint

Attivo Networks ambushes attackers at the endpoint
Attivo Networks ambushes attackers at the endpoint

We show you our most important and recent visitors news details Attivo Networks ambushes attackers at the endpoint in the following article

Hind Al Soulia - Riyadh - DUBAI — Attivo Networks, the award-winning leader in deception for cybersecurity threat detection, Monday announced new capabilities within its ThreatDefend Detection Platform that aim to anticipate methods an attacker will use to break out from an infected endpoint and ambush their every move. This unique approach to detection specifically focuses on reducing the time an attacker can remain undetected and the amount of effort required for an organization to restore environments to normal operations.

This new Endpoint Detection Net offering will also serve as a powerful protection force-multiplier for businesses using Endpoint Protection (EPP) and Endpoint Detection and Response (EDR) solutions by closing detection gaps and facilitating automated incident response.

Protecting endpoints and preventing the spread of infected systems is a critical concern for organizations of all sizes, with research revealing that attackers can move off of an initially compromised system in 4.5 hours, on average. Further, new research shows that the average dwell time — the time it takes to detect attackers operating within an enterprise network — increased an average of 10 days in 2019, from 85 to 95 days, highlighting the escalating requirement to secure endpoints and prevent an adversary from establishing a foothold.

As a result, CISOs and security managers are increasing their spending and allocating budget for network detection and response tools, staff skills training, and endpoint detection and response solutions.

“Endpoints are the new battleground, and well-orchestrated detection and response capabilities are an organization’s greatest weapon against attackers,” said Ray Kafity, vice president of META at Attivo Networks. “The new Endpoint Detection Net offering provides organizations of all sizes an efficient and effective way to derail an attacker’s lateral movement before they can establish a foothold or cause material harm.”

The Attivo Endpoint Detection Net product is tackling endpoint security challenges head-on by making every endpoint a decoy designed to disrupt an attacker’s ability to break out and further infiltrate the network. It does this without requiring agents on the endpoint or causing disruption to regular network operations.

The company used historical attack data and the MITRE [email protected] framework as a way to understand the various methods attackers use to spread laterally from an endpoint and then created a comprehensive solution designed to stop them.

The Endpoint Detection Net solution elevates security control by accurately raising alerts and taking proactive measures to derail attackers. These capabilities include early attack detection based on:

• Unauthorized Active Directory queries from an endpoint. Attackers seeking information on privileged domain accounts, systems, and other high-value objects will now receive fake Active Directory results, which make an attacker’s automated tools untrustworthy and further advancement futile as their efforts get redirected into a decoy environment.

• Theft of local credentials. Deceptive credential lures deploy on the endpoint, and attempted use by an attacker will breadcrumb attacks away from production assets and into a decoy environment.

• Attempts to compromise file servers by moving to mapped shares. Attacks will get thwarted by decoy file shares and systems. Attackers will also be actively engaged within the decoys, providing defenders time to isolate the systems and prevent further infection of malware or ransomware.

• Network reconnaissance to find production assets and available services. These activities will become challenging as decoys obfuscate the attack surface with systems that appear identical to production assets but are instead virtual landmines for an attacker.

• Man-in-the-Middle attacks where attackers try to steal credentials in transit. These attacks are traditionally difficult to identify; however, this solution delivers an innovative and quick means to detect and alert on them.

• Identifying the available attack paths that an attacker would take to move about the network. Organizations now gain visibility to at-risk credentials and avenues of lateral movement, as well as the insights needed to remove them before attackers can leverage any exposed or orphaned credentials.

Attivo Networks has continually strengthened its endpoint detection capabilities and has been recently named a ‘Hot Company’ in Endpoint Security by Cyber Defense Magazine in its 2019 Global Awards. CISOMAG also honored the company for its innovation with inclusion in its Endpoint Security Power List that was released in November of 2019. — SG


These were the details of the news Attivo Networks ambushes attackers at the endpoint for this day. We hope that we have succeeded by giving you the full details and information. To follow all our news, you can subscribe to the alerts system or to one of our different systems to provide you with all that is new.

It is also worth noting that the original news has been published and is available at Saudi Gazette and the editorial team at AlKhaleej Today has confirmed it and it has been modified, and it may have been completely transferred or quoted from it and you can read and follow this news from its main source.

NEXT Aramco chief optimistic about second-half of 2020 as China gasoline and diesel demand accelerates