10:09 AM
Dark Reading
Products and Releases

Attivo Strikes Back At KillDisk and CryptoLocker

Provides Detection and Forensic Analysis for All Classes of Cyber Threats

Fremont, CA, January 26, 2016 — Attivo Networks®, the leader in deception for cyber security threat detection, today announced that it has expanded its Deception Platform to detect all classes of cyber threats including reconnaissance, stolen credentials, phishing, and ransomware attacks. Deception is a new approach to cyber security defense and employs highly efficient deception techniques to attract attackers into engaging by luring them away from company assets while extending organizations the much-needed time to identify and thwart an attack. With this expansion of Attivo's BOTsink® and end-point deception technologies, organizations can now benefit from additional functionality that can be used to deceive and stop attacks like CryptoLocker, KillDisk, and other file content altering attacks, and to safely quarantine and analyze phishing attacks.

“Attivo has taken a clear lead in the deception technology category based on customer deployments and the completeness of our solution,” comments Tushar Kothari, CEO of Attivo Networks.  “Our Deception Platform has proven itself to be the most comprehensive and effective solution in the market and this announcement demonstrates our commitment to building out both breadth and depth of deception solutions.  Our mission is very clear: we will defend our customers from every form of cyber attack with the real-time detection of breaches that have bypassed all other prevention defenses.”

The need for detecting inside-the-network threats that have bypassed prevention security solutions is growing swiftly, driven by the dramatic increase, expense, and maliciousness of breaches. The Attivo Deception Platform is based on a comprehensive suite of deception engagement servers, deception luring technology and techniques, and a highly sophisticated forensics and analysis correlation engine. The platform has proven to be a highly effective solution for detecting Advanced Persistent Threats (APTs) and BOTs that are running reconnaissance to mount their attacks or moving laterally throughout the network, and for detecting when attackers are trying to use stolen credentials. The BOTsink Multi-Dimensional Correlation Engine (MDCE) has now been enhanced to provide a safe “sandbox” environment to expand and activate suspect phishing emails. Additionally, the Attivo end-point deception lures have been enhanced to deceive attackers, luring them to the BOTsink engagement server for analysis and containment.

“Gartner believes that more lean-forward organizations should also leverage deception in-depth as a new strategy for comprehensive threat defense against the onslaught of advanced attackers and attack techniques,” comments Lawrence Pingree, Gartner Research Director in his report on deception techniques and technologies published last July.*

The phishing solution allows individuals to submit suspect emails to the BOTsink analysis engine. Here, the email will be analyzed, and reports created with associated industry threat classifications, empowering the team to promptly understand the threat and update prevention systems.

The Attivo end-point deception enhancements are designed to lure the attacker to the BOTsink engagement server, mitigating an attacker's opportunity to modify the disk contents of other devices. This new functionality will be effective for detecting threats like CryptoLocker and KillDisk, which are built to encrypt, infect or erase files. Once an attacker is lured to the BOTsink platform, the attack will be analyzed, alerts raised, and reports created for the immediate quarantining of the infected device.

Additionally, the new Attivo feature release includes enhancements to its deception technology and can now automatically deploy its engagement servers based on anomalous activity and draw attackers to BOTsink. Enhancements were also made to expand detection of attacks based on broadcast and multicast traffic.

* Gartner, Emerging Technology Analysis: Deception Techniques and Technologies Create Security Technology Business Opportunities, Lawrence Pingree, 16 July 2015

About Attivo Networks

Attivo Networks® is the leader in dynamic deception technology, which detects intrusions inside the network, data center, and cloud in real time, before the data is breached. Leveraging high-interaction deception techniques, the Attivo BOTsink® Solution lures BOTs and APTs to reveal themselves, without generating false positives. Designed for efficiency, it has no dependencies on signatures, database lookup or heavy computation to detect and defend against cyber threats. Attivo solutions capture full forensics and provide the threat intelligence to shut down current attacks and protect against future ones. www.attivonetworks.com

Follow Attivo Networks: Twitter and LinkedIn


Gary Thompson
Clarity Communications
415-963-4082 ext. 101

