Startup Attivo Advocates for Deceptive Security Protection

Published: 22/11/2024   Category: security




When it comes to security, how deceptive should enterprises be to thwart cybercriminals? Attivo Networks and a number of other security startups are advocating a different approach.



Is it next-generation threat detection? Is it counter-hacking? One thing we know is that it's designed to lure hackers to a replica enterprise environment so that threats can be eliminated. It's deception.
Startups in this niche include TrapX Security, GuardiCore and Attivo Networks, which recently closed a Series C round for $21 million. (See Attivo Goes On the Attack Against Hackers.)
"Why does this company exist? It really boils down to that a perimeter-based defense is just not reliable anymore," Carolyn Crandall, chief deception officer and CMO at Attivo Networks, told Security Now. "People can and will get into the network, and over the last couple of years, people are accepting that."
Crandall is adding her voice to a growing number of experts who agree the better strategy is to accept that penetration is inevitable and therefore the focus should be on protecting the data in the network, not erecting a fence.
One of the dangers is that hackers booted off the network can, according to Crandall, easily get straight back in. To counter this, a response at scale is required, and detection and response has become part of the security control stack. But detection is challenged because it's tough to get arms around and decide with limited information what the most virulent threats are.
Threat detection is flawed
Apparently, standard threat detection technologies are flawed because they basically only generate alerts. However, they don't often provide information about the type and techniques of threats, or the tools used; it's challenging to respond by, say, automating quarantine blocking or threat hunting to eradicate an attack.
Attivo lays traps in the network, optimized to encourage the disturbance of decoys by mirroring the existing environment so hackers think they have successfully accessed it. Crandall has seen a shift in the market from three years ago, when companies believed all they really needed was prevention.
"Now people are shifting their budgets, they're adopting detection," she said.
"Decoys can be set up to look like endpoints, servers, POS networks, industrial control fuel sensors, or maybe direct infusion pumps at a hospital," Crandall added. "We can take anything that runs an operating system and we can make the decoy look identical to production assets, by running on their software."
So, if the decoys are identical, how are the odds improved that a hacker will be snared?
Making decoys more pervasive than real network assets improves the chances that a hacker will engage. The decoy environment is not an emulation, but rather uses the same software as the real network, except sweetened, for example, with bogus assets such as honey docs.
Enterprise misconceptions about deception
Enterprises can't be blamed for making assumptions about deception technology, because it's so new.
The first assumption is that if a company is less advanced with its security infrastructure, deception should be the last thing it would adopt. Typically, these are healthcare organizations, which have to economize because of small budgets.
Secondly, there's a feeling that integration of deception technology is far from straightforward. Aflac, an Attivo customer motivated to try deception because it did not want to make headlines from security slips that reveal PI, apparently integrated deception easily into its security controls system for a single view.
"If you had asked me two years ago if anybody would have had deception in their budget, it wouldn't have been [there], and not in their initiative list," Crandall said.
In 2018, the big difference will be that budgets will be earmarked and put into action, with extra incentive that for some firms, it helps with compliance, M&A strategy, is part of an insider threat strategy and/or is part of a supplier management strategy.
Come get me
Is deception encouraging attackers?
The current Active Cyber Defense Certainty Act (ACDC) hacker bill, proposed by Rep. Tom Graves of Georgia, who sits on the House Defense Committee, fundamentally poses the question: is an eye for an eye OK, when it comes to enterprises and consumers striking back?
It's unclear if there's the stomach or the expertise for users to hack back at attackers and try to retrieve lost data. There are stumbling blocks. Often, enterprises don't have white-hat hackers on staff and would need to look elsewhere for help. Also, attribution is hard, so the chances of attacking the wrong person are extremely high.
"Will they come back at you with greater vengeance?" Crandall asked. The answer is maybe, but she recommends that companies keep their powder dry and use the counterintelligence they gather to fortify their own systems. If there's information for law enforcement, hand it over but don't act on it.
Deception is forecast to grow into a substantial market.
"By 2018, 10 percent of enterprises will use deception tools and tactics, and actively participate in deception operations against attackers," Gartner analyst Lawrence Pingree wrote in a recent report.
On a Fox5 TV appearance this summer, Crandall predicted that, "If we end up going at the pace we are, we're going to have 1,500 breaches this year (in the US), compared to the 1,100 we had last year. Last year there were 4 billion records stolen."
In Security Now's latest poll, the largest percentage of readers (about 45%) said they would go on the attack against hackers.
— Simon Marshall, Technology Journalist, special to Security Now
