Deception Security Provider Attivo Now Has AWS Deployment

By Chris Preimesberger  |  Posted 2015-09-02

Attivo's BOTsink uses deception to detect threats within all network and data center environments--on premises or in the AWS cloud.

Attivo Networks, which uses a "lure-the-bad-guys-in-and-trap-them" approach to securing IT networks, has always provided an on-premises, loaded-on-a-server product. Now it is scaling globally, thanks to new support from Amazon Web Services.

The Fremont, Calif.-based company on Sept. 2 launched what it calls "the industry's first globally scalable deception technology solution" that detects inside-the-network threats across an enterprise and private and public clouds. It will do this first on the AWS cloud, by far the world's largest cloud-service provider; deployment connections to other clouds are in the works.

Attivo's BOTsink platform aims to detect threats within all network and data center environments. The new Attivo Central Manager within the platform provides a universal control console and centralization of threat intelligence for its global BOTsink deployments, the company said.

"To be effective, it's critical that customers can use our solutions over a public cloud in addition to their enterprise network and private clouds," CEO Tushar Kothari said. "The ability to manage global BOTsink deployments and threat intelligence from a central location are critical requirements for Attivo Fortune 500 customers."

To supply a little context: Attivo uses a deception-type approach in its security, but the company expands it from only on-premises servers and storage to an entire network. The trap is a network set up with intentional vulnerabilities; its purpose is to invite attack, so that a hacker's activities and methods can be studied and that information used to increase network security.

Deception schemes draw the attacker in, study his methodology, hook the bad actor on data that looks valuable, then slam the door and lock him up in quarantine within the system.

Key functionalities of Attivo BOTsink include:

--Advanced active deception is based on real operating systems and full services. For increased authenticity, customers are also provided the option to completely customize their BOTsink detection environment by importing a golden image of their current production machines.

--Going beyond basic detection, Attivo BOTsink engages the BOT or APT and provides the option to open a port to the attacker command-and-control server to gain a deeper understanding of attack information.

--As the advanced threat intelligence dashboard manages alerts, IOC reporting can be sent to prevention solutions to shut down a current attack and prevent future attacks.

--The new Attivo Central Manager can configure, manage and view events from large deployed BOTsink solutions with a single console.

Attivo's new appliance and VM offerings include BOTsink 5100, with support for 100 VLANs, and BOTsink 3200, for 32 VLANs.

Chris Preimesberger

Chris Preimesberger is Editor of Features & Analysis at eWEEK. Twitter: @editingwhiz