Attivo Networks specializes in messing up things inside IT systems—for would-be cyber-intruders, that is.
The Fremont, Calif.-based deception-security provider, which creates bogus but believable copies of IT systems in order to catch and contain unwanted cyber-criminals, on Sept. 30 launched Attivo Camouflage, a next-generation approach that uses self-learning to automatically alter itself, constantly generating fresh “bait” for attackers.
Attivo Camouflage uses its home-developed Dynamic Behavioral Deception to generate lures and decoys that are identical to real assets while continually evolving and scaling alongside the real computing environments it is protecting.
This new enhancement to the Attivo service complements the company’s Deception Platform that supports user networks, data centers, cloud and ICS-SCADA (Industrial Control Systems-Supervisory Control and Data Acquisition) environments, CEO Tushar Kothari told eWEEK.
Too Realistic for Intruders to Pass Up
“Deception needs to be dynamic to remain authentic and attractive to an attacker,” said Kothari. “It needs to blend in so that it is undisguisable from its surroundings. This new technology continually monitors, molds and refreshes the deception environment, making it impossible for attackers to profile our deception and too realistic to pass up.”
Dynamic Behavioral Deception, Kothari said, has four components:
—Self-learning: It learns the unique behavior of disparate networks, their applications and their device profiles. It is able to distinguish, for example, the difference between an IoT medical device, a SCADA environment or an enterprise network.
—Intelligent deployment: As it continues to learn, the technology matches network behavior, mimics devices, and deploys deceptive credentials and assets that are extremely authentic.
—Continuous monitoring: Every aspect of the deception environment is monitored to determine when updates are required, credentials refreshed and new deception decoys deployed.
—Dynamically re-spin deception: Following any attack, new deception is deployed and the entire deception environment is automatically refreshed. This prevents “fingerprinting” by attackers who would then know what to avoid.
Deception Elements Blend Into the Environment
Ultimately, behavioral deception means that all deception elements can be created to blend into the environment and become indistinguishable; that deceptive environments can continuously evolve and scale; and that attackers can’t defeat the deception by trying to profile it, Kothari said. This all happens automatically and without human intervention.
Attivo Networks’ Deception Platform is designed to detect cyber-attackers, regardless of whether the attack is a targeted, stolen credential, ransomware or insider threat, Kothari said. Customers can configure the Attivo Deception Platform to look identical to IoT systems based on XMPP, COAP, MQTT, HL7 and DICOM-based PACS servers in their networks, Kothari said.
“My favorite phone calls came from a customer sharing his story of how Attivo deception was able to deceive their Red Team into engaging with deception credentials or decoys and how the security operations team was able to track and report on their every move,” Kothari said.
For more information, go here.