Dark Reading
Products and Releases

Attivo Strikes Back At KillDisk and CryptoLocker

Provides Detection and Forensic Analysis for All Classes of Cyber Threats

Fremont, CA, January 26, 2016 — Attivo Networks®, the leader in deception for cyber security threat detection, today announced that it has expanded its Deception Platform to detect all classes of cyber threats including reconnaissance, stolen credentials, phishing, and ransomware attacks. Deception is a new approach to cyber security defense and employs highly efficient deception techniques to attract attackers into engaging by luring them away from company assets while extending organizations the much-needed time to identify and thwart an attack. Expanding on its BOTsink® and end-point deception technologies, organizations can now benefit from additional functionality that can be used to deceive and stop attacks like CryptoLocker, KillDisk, and other file content altering attacks, and to safely quarantine and analyze phishing attacks.

“Attivo has taken a clear lead in the deception technology category based on customer deployments and the completeness of our solution,” comments Tushar Kothari, CEO of Attivo Networks.  “Our Deception Platform has proven itself to be the most comprehensive and effective solution in the market and this announcement demonstrates our commitment to building out both breadth and depth of deception solutions.  Our mission is very clear: we will defend our customers from every form of cyber attack with the real-time detection of breaches that have bypassed all other prevention defenses.”

The need for detecting inside-the-network threats that have bypassed prevention security solutions is growing swiftly, driven by the dramatic increase, expense, and maliciousness of breaches.  The Attivo Deception Platform is based on a comprehensive suite of deception engagement servers, deception luring technology and techniques, and on a highly sophisticated forensics and analysis correlation engine. The platform has proven to be a highly effective solution for detecting Advanced Persistent Threats (APTs) and BOTs that are running reconnaissance to mount their attacks, moving laterally throughout the network, and for detecting when attackers are trying to use stolen credentials. The BOTsink Multi-Dimensional Correlation Engine (MDCE) has now been enhanced to provide a safe “sandbox” environment to expand and activate suspect phishing emails. Additionally, the Attivo end-point deception lures have been enhanced to deceive attackers, luring them to the BOTsink engagement server for analysis and containment.

“Gartner believes that more lean-forward organizations should also leverage deception in-depth as a new strategy for comprehensive threat defense against the onslaught of advanced attackers and attack techniques,” comments Lawrence Pingree, Gartner Research Director, in his report on deception techniques and technologies published last July.*

The phishing solution allows individuals to submit suspect emails to the BOTsink analysis engine. Here, the email will be analyzed, and reports created with associated industry threat classifications, empowering the team to promptly understand the threat and update prevention systems.

The Attivo end-point deception enhancements are designed to lure the attacker to the BOTsink engagement server, mitigating an attacker's opportunity to modify the disk contents of other devices. This new functionality will be effective for detecting threats like CryptoLocker and KillDisk, which are built to encrypt, infect or erase files. Once an attacker is lured to the BOTsink platform, the attack will be analyzed, alerts raised, and reports created for the immediate quarantining of the infected device.

Additionally, the new Attivo feature release includes enhancements to its deception technology and can now automatically deploy its engagement servers based on anomalous activity and draw attackers to BOTsink. Enhancements were also made to expand detection of attacks based on broadcast and multicast traffic.

* Gartner, Emerging Technology Analysis: Deception Techniques and Technologies Create Security Technology Business Opportunities, Lawrence Pingree, 16 July 2015

About Attivo Networks

Attivo Networks® is the leader in dynamic deception technology, which in real-time detects intrusions inside the network, data center, and cloud before the data is breached. Leveraging high-interaction deception techniques, the Attivo BOTsink® Solution lures BOTs and APTs to reveal themselves, without generating false positives. Designed for efficiency, there are no dependencies on signatures, database lookup or heavy computation to detect and defend against cyber threats. Attivo solutions capture full forensics and provide the threat intelligence to shut down current and protect against future attacks. www.attivonetworks.com

Gary Thompson
Clarity Communications
415-963-4082 ext. 101
