How Attivo Networks is Raising the Bar on Honeynet Security

By Chris Preimesberger  |  Posted 2015-07-22 Print this article Print

Multiple Linux, Windows Versions in the Trap

Attivo can turn off servers, routers or other devices as needed when they are compromised, Kothari said. The software uses three versions of Linux, three versions of Windows, and runs a list of services on them to provide the honeynet.  

"Once a device is infected (in an exploit), then it will look for services and servers it was designed to exploit. We take some unused IP addresses in every subnet, and present ourselves multiple times across networks and across every device as a very attractive target," Kothari said.

"Essentially we have a full platter of cheese with all the different varieties; underneath it is a very sophisticated technology that comes pre-positioned. Then we watch and see if somebody comes and bites it."

When an attacker does bite, he doesn't know what hit him, because the system is invisible.

Kothari said Attivo protects systems against zero-day exploits. A zero-day vulnerability refers to a hole in software that is unknown to the system owner. This hole is exploited by hackers before the vendor becomes aware and hurries to fix it; this exploit is called a zero-day attack.

Stops Zero-Day Exploits

"We are ideal for zero-day attacks because we are not relying on any prior knowledge of the attack. All we are doing is watching our own servers to see who's attacking us, so we don't need any signature or anything else to compare," Kothari said. "So there are no false positives."

Kothari, who joined the company in 2013, said that Attivo installs and works well with existing security infrastructure and does not interfere with network operations. It can be deployed either on a physical commodity server appliance or as a virtual appliance, he said.

Along with Kothari, the Attivo team includes serial entrepreneur and Executive Vice-President Mano Murthy, and Srikant Vissamsetti, senior vice president of engineering.

Earlier this year, Attivo landed a well-known Silicon Valley name in Enrique Salem, former president and CEO of Symantec, for its board of directors. Salem is managing director of Bain Capital Ventures.

Go here for more information.


Chris Preimesberger

Chris Preimesberger is Editor of Features & Analysis at eWEEK. Twitter: @editingwhiz
Join us for our next eWEEKChat Aug. 12: "Social Networks: How They Can Help or Hinder Enterprises."


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel