Dark Reading
Products and Releases

Attivo Strikes Back At KillDisk and CryptoLocker

Provides Detection and Forensic Analysis for All Classes of Cyber Threats

Fremont, CA, January 26, 2016: Attivo Networks®, the leader in deception for cyber security threat detection, today announced that it has expanded its Deception Platform to detect all classes of cyber threats including reconnaissance, stolen credentials, phishing, and ransomware attacks. Deception is a new approach to cyber security defense that employs highly efficient deception techniques to attract attackers into engaging, luring them away from company assets while giving organizations the much-needed time to identify and thwart an attack. With this expansion of the BOTsink® and end-point deception technologies, organizations can now benefit from additional functionality that can be used to deceive and stop attacks like CryptoLocker, KillDisk, and other file content altering attacks, and to safely quarantine and analyze phishing attacks.

“Attivo has taken a clear lead in the deception technology category based on customer deployments and the completeness of our solution,” comments Tushar Kothari, CEO of Attivo Networks.  “Our Deception Platform has proven itself to be the most comprehensive and effective solution in the market and this announcement demonstrates our commitment to building out both breadth and depth of deception solutions.  Our mission is very clear: we will defend our customers from every form of cyber attack with the real-time detection of breaches that have bypassed all other prevention defenses.”

The need for detecting inside-the-network threats that have bypassed prevention security solutions is growing swiftly, driven by the dramatic increase, expense, and maliciousness of breaches.  The Attivo Deception Platform is based on a comprehensive suite of deception engagement servers, deception luring technology and techniques, and on a highly sophisticated forensics and analysis correlation engine. The platform has proven to be a highly effective solution for detecting Advanced Persistent Threats (APTs) and BOTs that are running reconnaissance to mount their attacks, moving laterally throughout the network, and for detecting when attackers are trying to use stolen credentials. The BOTsink Multi-Dimensional Correlation Engine (MDCE) has now been enhanced to provide a safe “sandbox” environment to expand and activate suspect phishing emails. Additionally, the Attivo end-point deception lures have been enhanced to deceive attackers, luring them to the BOTsink engagement server for analysis and containment.

“Gartner believes that more lean-forward organizations should also leverage deception in-depth as a new strategy for comprehensive threat defense against the onslaught of advanced attackers and attack techniques,” comments Lawrence Pingree, Gartner Research Director, in his report on deception techniques and technologies published last July.*

The phishing solution allows individuals to submit suspect emails to the BOTsink analysis engine. Here, the email will be analyzed, and reports created with associated industry threat classifications, empowering the team to promptly understand the threat and update prevention systems.

The Attivo end-point deception enhancements are designed to lure the attacker to the BOTsink engagement server, mitigating an attacker's opportunity to modify the disk contents of other devices. This new functionality will be effective for detecting threats like CryptoLocker and KillDisk, which are built to encrypt, infect or erase files. Once an attacker is lured to the BOTsink platform, the attack will be analyzed, alerts raised, and reports created for the immediate quarantining of the infected device.

Additionally, the new Attivo feature release includes enhancements to its deception technology and can now automatically deploy its engagement servers based on anomalous activity and draw attackers to BOTsink. Enhancements were also made to expand detection of attacks based on broadcast and multicast traffic.

* Gartner, Emerging Technology Analysis: Deception Techniques and Technologies Create Security Technology Business Opportunities, Lawrence Pingree, 16 July 2015

About Attivo Networks

Attivo Networks® is the leader in dynamic deception technology, which in real-time detects intrusions inside the network, data center, and cloud before the data is breached. Leveraging high-interaction deception techniques, the Attivo BOTsink® Solution lures BOTs and APTs to reveal themselves, without generating false positives. Designed for efficiency, there are no dependencies on signatures, database lookup or heavy computation to detect and defend against cyber threats. Attivo solutions capture full forensics and provide the threat intelligence to shut down current and protect against future attacks. www.attivonetworks.com

Follow Attivo Networks: Twitter and LinkedIn


Gary Thompson
Clarity Communications
415-963-4082 ext. 101
[email protected]
