01:30 PM
Dark Reading
Products and Releases

Attivo Networks Provides First Deception-based Threat Detection Platform for Internet of Things (IoT)

Detection Platform Addresses Gaps in IoT Security with Real-time Threat Detection and Attack Forensics for Accelerated Incident Response

FREMONT, Calif., May 24, 2016 — Attivo Networks®, the award-winning leader in deception for cyber security threat detection, today announced an expansion of the Attivo Deception Platform, which provides real-time threat detection and accelerated incident response, to now support the Internet of Things (IoT) ecosystem. This new enhancement complements the existing Deception Platform that supports user networks, data centers, cloud and ICS-SCADA environments. “Gartner forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015”[1], bringing a whole new set of cybersecurity risks and the need for real-time attack detection.

IoT systems are network-connected devices that collect and exchange data, allowing enterprises to increase efficiency and productivity. IoT networks bring in a diverse range of connected devices and can introduce multiple points of vulnerability in the network. High availability and safety are important attributes of IoT deployments, and downtime of IoT sensors or networks can cause significant damage to an organization and, in some cases, to public safety. Just a few of the security challenges that these devices bring include a dramatic increase in unauthorized access, weak encryption, targeted attacks exploiting vulnerabilities in vendor software, weak passwords and many more. Once inside the network, attackers can use stolen credentials or move laterally to gain illegitimate access to company assets and information. Rich IoT targets include PACS (Picture archive and communications system) servers, which store critical patient data such as x-rays and other digital images, payment gateways for credit card processing, and other data gathering and aggregation frameworks.

The Attivo Networks Deception Platform is designed to detect cyber attackers regardless of whether the attack is targeted or involves stolen credentials, ransomware, or an insider threat. Customers can configure the Attivo Deception Platform to look identical to IoT systems based on XMPP, CoAP, MQTT, HL7 and DICOM-based PACS servers in their networks. The Attivo BOTsink® engagement servers and decoys can then be customized to appear as production IoT sensors and servers, deceiving attackers into thinking they’re authentic. By engaging with decoys and not with production devices, attackers reveal themselves and can be quarantined and studied for detailed forensics that can be used for remediation and future prevention.

“With the growing number of IoT devices in production networks, even minor security issues can turn into significant problems. This new surge of IoT devices will be a cyber attacker’s playground with introduction of new data exchange mechanism and traditional security infrastructure being ill equipped to prevent threat actors from using these devices as an onramp to their network,” said Tushar Kothari, CEO of Attivo Networks. “Given the inability to run anti-virus or apply typical prevention measures, deception will play a critical role in the early threat detection and response to IoT cyberattacks.”

According to Gartner analysts Ray Wagner, Earl Perkins, Greg Young, Anmol Singh and Lawrence Orans in their December 2015 report Predicts 2016: Security for the Internet of Things, “Discovery, provisioning, authentication and data protection will account for 50% of all security spend for IoT through 2020… by year-end 2018, over 50% of IoT device manufacturers will remain unable to address product threats emanating from weak authentication practices.”

About Attivo Networks

Attivo Networks® is the leader in dynamic deception technology for the real-time detection, analysis and forensics of cyber-attacks. The Attivo Deception Platform provides inside-the-network threat detection for user networks, data centers, clouds, and ICS-SCADA environments. Not reliant on known signatures or attack patterns, Attivo uses high-interaction deception techniques based on Attivo BOTsink® engagement servers to lure attackers into revealing themselves. Combined with the Attivo End-Point Deception Suite, advanced luring technology is deployed to detect the use of stolen credentials, ransomware, and targeted attacks. Comprehensive attack analysis and forensics provide actionable alerts and can be set to automatically block and quarantine attacks for accelerated incident response. For more information, visit www.attivonetworks.com.

Follow Attivo Networks: Twitter and LinkedIn


Gary Thompson

Clarity Communications
