Attivo Networks has announced today that the company has further enhanced its portfolio with advanced deception techniques designed to accurately detect and derail sophisticated attacks targeting serverless applications in cloud and data center environments. Designed for the dynamic nature of cloud environments and shared security models, organizations can now add a proactive defense across traditional data centers and within popular public cloud platforms such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).
Serverless and container architectures are rapidly growing in popularity based on their ability to dynamically scale and improve utilization of server resources. However, as with many new technologies, these architectures have advanced ahead of traditional security controls, leaving gaps for attackers to exploit. These ThreatDefend™ platform enhancements break new ground in threat detection by covering all attack surfaces and reducing cloud security risks resulting from gaps left by legacy enterprise tools. ThreatDefend delivers a scalable deception-based defense for the early and accurate detection of credential theft attempts, in-network lateral movement, and advanced attacks targeting critical servers and databases.
“Detecting cloud-based, in-network threats and the lateral movement of attackers has been challenging for legacy security controls,” said Tushar Kothari, CEO of Attivo Networks. “By working closely with our customers, Attivo has developed new functionality that accurately closes detection gaps and reduces risks, further empowering organizations to leverage the maximum benefits of public cloud environments.”
This new functionality builds upon the company’s ThreatDefend deception portfolio, which provides extensive network, endpoint, application, and data deceptions for servers, cloud, user networks, and specialized environments such as IoT, SCADA, POS, network, and telecommunications. Unlike other detection methods that must rely on signatures, behavioral analysis, or database look-ups, Attivo Networks deception technology provides a preemptive defense based on decoy traps and lures. The solution proactively deceives and misdirects an attacker into revealing their presence. Additionally, since the platform is built with data center scalability in mind, it can easily operate without reliance on physical and virtual machine architectures.
The new enhancements expand deception decoys and lures for containers, serverless, and cloud shared security models, which will provide scalable detection of attacker lateral movement, credential harvesting, and a means to verify security controls. Platform enrichments also includes support for Lambda functions and CloudWatch/SIEM monitoring for finding attempted use of deception credentials.
“Over the past few years, organizations are increasingly migrating their data, servers, networks, and applications to the cloud. Unfortunately, cyber attackers have observed this as well, which has resulted in cloud becoming the new battleground for cybercrime,” said Tony Cole, Chief Technology Officer at Attivo Networks. “With this in mind, we have enhanced the ThreatDefend platform to extend visibility into serverless and container environments, providing organizations with the means to detect threats early, respond to attackers quickly, and build proactive defenses against the adversary.”
The solution works by creating decoys that appear as production containers and by creating deceptive credentials, which can be embedded in container data sources. Then, the solution entices in-network attackers with highly authentic looking credentials, decoys, applications, and database deceptions designed to attract adversaries into engaging. Any engagement with the deception environment will result in a high-fidelity alert and the collection of threat intelligence; it will also efficiently pick up policy violations from both the organization and its providers. Through the deception environment’s collection of attack forensics, organizations will gain valuable insight into attacker intent and threat intelligence required for blocking attacks, threat hunting, and returning adversary mitigation. This announcement represents one more step taken by Attivo Networks to provide the ultimate flexibility in choice when migrating to container or serverless cloud computing environments.
TagsAttivo Networks GITEX Edit Post
