New-gen security provider Attivo Networks, which mimics a real IT system using a deception approach that lures bad actors in and then traps them, has expanded its reach to serve the budding IoT (Internet of things) market.
The Fremont, Calif.-based company has been successful for five years with its on-premises, server-loaded service and a cloud version on Amazon Web Services, but as of June 1 now offers its own brand of real-time threat detection and fast incident response specifically for IoT environments.
This new enhancement to the Attivo service complements the company's Deception Platform that already supports user networks, data centers, cloud and ICS-SCADA (Industrial Control Systems-Supervisory Control and Data Acquisition) environments, CEO Tushar Kothari told eWEEK.
"Our architecture is designed to add capabilities, so we did not have to rebuild our software to add IoT use cases," Kothari said. "Gartner (Research) forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015, bringing a whole new set of cybersecurity risk and the need for real-time attack detection. The need is there for new ways to secure data."
First to Deploy Deception Security in the IoT?
Thus, Kothari said, Attivo becomes the first IT security provider to utilize deception-type security in the IoT realm. "No one else is doing this," Kothari said.
IoT systems are groupings of network-connected devices that automatically collect and exchange data, allowing enterprises to increase efficiency and productivity. However, IoT networks also bring in a diverse set of connected devices that can introduce multiple points of vulnerabilities in the networks, Kothari said.
"With the growing number of IoT devices in production networks, even minor security issues can turn into significant problems," Kothari said. "This new surge of IoT devices will be a cyber attacker's playground with introduction of new data exchange mechanism and traditional security infrastructure being ill equipped to prevent threat actors from using these devices as an onramp to their network.
"Given the inability to run anti-virus or apply typical prevention measures, deception will play a critical role in the early threat detection and response to IoT cyberattacks."
High availability and safety are important attributes of IoT deployments; downtime of IoT sensors/network can cause significant damage to an organization, and, in some cases, public safety.
Can Handle List of Security Challenges
Some of the security challenges these devices bring include unauthorized access, weak encryption, targeted attacks exploiting vulnerabilities in vendor software, weak passwords, and others. Once inside a network, bad actors can use stolen credentials or move laterally to gain illegitimate access to company assets and information.
Rich IoT targets include PACS (picture archive and communications system) servers that store critical patient data such as X-rays and other digital images, payment gateways for credit card processing, and other data gathering and aggregation frameworks.
Attivo Networks' Deception Platform is designed to detect cyber attackers, regardless of whether the attack is a targeted, stolen credential, ransomware, or insider threat, Kothari said. Customers can configure the Attivo Deception Platform to look identical to IoT systems based on XMPP, COAP, MQTT, HL7 and DICOM-based PACS servers in their networks, Kothari said.
The Attivo BOTsink engagement servers and decoys can then be customized to appear as production IoT sensors and servers, deceiving attackers into thinking they are authentic. By engaging with decoys and not with production devices, the attacker reveals himself and then can be quarantined and studied for detailed forensics that can be used for remediation and future prevention.
The Attivo Networks Deception Platform is available now. For more information, go here.