How Attivo Networks is Raising the Bar on Honeynet Security

By Chris Preimesberger  |  Posted 2015-07-22 Print this article Print

CEO: "Essentially we have a full platter of cheese with all the different varieties; then we watch and see if somebody comes and bites it."

If ever there was a need for new ideas in IT security, the time is now.  All one has to do is mention hacking victims like Target, Home Depot, Sony and the IRS, and the images come wincingly to mind.

It's pretty obvious that passwords, firewalls and private networks simply aren't going to cut it anymore. It's all too easy for even a semi-sophisticated cyber-criminal to scan for passwords and find back doors into Shangri-Las of personal and business data that sooner or later amount  to illicit money in his bank account.

Well, truth be told, there are some new ideas coming that may finally cut the bad guys off at the pass before they can do significant damage. Most of these initiatives involve proactive schemes that use analytics to predict what might happen in a data breach, assess risk and either warn the stakeholder, halt the action in progress, or both. Others are more data-centric, guarding individual items within a store and sending out alarms if anything is moved by someone who shouldn't be doing any moving.

Four-year-old startup Attivo Networks of Fremont, Calif. is one of those new-gen thought leaders, bringing its own approach to security in a sector called honeynets. A honeynet is a network set up with intentional vulnerabilities; its purpose is to invite attack, so that a hacker's activities and methods can be studied and that information used to increase network security.

How a Honeynet Works

Honeynets draw the attacker in, study his methodology, hook the bad actor on data that looks valuable, then slams the door and locks him up in quarantine within the system. Attivo is a self-contained, on-premises-only installation that works throughout a network.

Attivo Networks is getting so much attention lately that it may soon become known as Honeynets R Us.  The company, which has only been shipping product since mid-2014, nonetheless has a list of marquee-type clients in the financial services, health care and IT industries.

Attivo landed an $8 million venture capital influx from Bain Capital Ventures last April to add to an original $8 million from an angel investor.

"In just the last few years, we're seeing the market now coming to us, whereas they realize that just doing prevention by itself is not enough," CEO Tushar Kothari, a 25-year veteran of IT business and financial management, told eWEEK. "They now know that they need to detect a breach before it can do significant damage. In the last 12 months we've seen the headlines indicating the issues created by those breaches and the damage done to those companies."

Most conventional solutions are not efficient enough to detect those breaches quickly. "In most cases, it takes six months-plus to find out that they've been breached," Kothari said.

Attivo Gaining a Following

Attivo is not exactly a household name in the Silicon Valley -- or elsewhere, for that matter -- but it is gaining a track record. As one might imagine, it has a number of customers who would rather not let the world know that they are using a honeynet package.

Honeypots and honeynets aren't exactly new, but the all-encompassing way Attivo Networks is using the genre to go with some patented components is a singular approach.

Here's how Attivo Networks works inside an IT network:

--Lures bots and advanced persistent threats (APTs), scanning or targeting valuable corporate assets to "attack" Attivo’s high-value self-sustaining honeynet;

--Detects and identifies bot and APT infections that already exist inside the network;

--Isolates bot and APT activities, including sleeper and timed triggered agents, before damage to network assets;

--Alerts validate bot and APT threats with intelligence to take immediate action, and

--Provides full forensics on each attack to help extract signatures, determine tactics, techniques and procedures throughout malware lifecycle.


Chris Preimesberger

Chris Preimesberger is Editor of Features & Analysis at eWEEK. Twitter: @editingwhiz
Join us for our next eWEEKChat Aug. 12: "Social Networks: How They Can Help or Hinder Enterprises."


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel