Why Threat Deception Technology Adoption is Soaring
by Carolyn Crandall, Chief Deception Officer, Attivo Networks
Attivo Networks Company Profile:
Attivo Networks, an early innovator in commercial-grade threat deception technology, has seen growth soar as enterprise, midmarket, and government agencies rapidly adopt deception technology. Customers commonly cite that they have successfully reduced cybersecurity risks by closing detection gaps and reducing attack dwell time experienced when an adversary is able to bypass perimeter defenses. Attivo Networks leads in deception technology innovation and over the last 2 years has been recognized with over 70 awards for its products, leadership, and market impact. The company has also received elite recognition as a Cool Vendor by Gartner, Inc. and was recognized in 2018 as #31 on the Deloitte Technology Fast 500™ list, which recognizes companies for their growth, cutting-edge technology, and the ability to transform the way we do business.
Deception Market Profile:
Customers across all industries are deploying Attivo technology as part of their overall digital risk management strategies and for IT risk reduction related to detecting threats within cloud shared-security models, legacy and emerging technology environments, and to address today’s threatscape in which attackers are using more targeted and sophisticated attack methods. It is forecasted that deception technology adoption will soar 684% in 2019 as it becomes a de facto security control for both enterprise and government entities. The breadth and depth of the Attivo Networks portfolio positions the company exceptionally well to address this growing market demand.
What Drives Attivo Deception Technology Adoption:
Unlike other security solutions, Attivo focuses on detecting the threats that have bypassed perimeter security controls, which all determined attackers eventually do. Highly authentic deception traps, along with data, application, and credential lures, are deployed to attract an attacker into engaging and revealing their presence. This is quick and efficient, and customers have cited being able to detect and respond to threats in 15 minutes, a dramatic difference compared to the 100+ days of dwell time that many organizations contend with. The solution also adds continuous detection value throughout the phases of the kill chain.
Additionally, innovation continues to outpace security, as evidenced by IoT devices outnumbering humans and cloud deployments winning on economics over security. Industrial control and medical device technologies are now being connected to the internet with high vulnerability profiles and inadequate security controls, presenting a tremendous risk to human safety. Deception technology provides continuous visibility into security control efficacy from legacy environments to the most modern attack surfaces. Lures will entice, and decoys will alert on attackers targeting these devices, mitigating risk within these inherently less secure environments.
Prior investments made for in-network threat detection have been historically low, driven by detection technologies that generated false alarms or were limited to only detecting known attacks. Attivo brings forward a different approach to detection, which provides tremendous value based on its ability to accurately detect threats, raise only high-fidelity substantiated alerts, and provide native integrations for automated incident response.
Deception technology provides organizations the ability to create a proactive defense against the adversary. This includes setting decoy landmines lying in wait for the attacker, proactive luring for revealing in-network attackers, and the ability to collect rich adversary intelligence that can be used to verify eradication of threats, mitigation of returning perpetrators, and fortifying overall defenses. DecoyDocs can also be insightful for understanding what an attacker is targeting and the geolocation of opened documents.
Attivo commercial-grade deception has removed prior scalability and operational management barriers that had limited the adoption of earlier deception technologies. The company’s use of machine self-learning automates the preparation, deployment, and ongoing maintenance of the deception environment and the solution’s flexible architecture makes deploying across datacenters, cloud, user networks, remote locations, and specialized networks quick and easy. It is now so simple that customers report that it takes less than 5% of one FTE’s time to manage the Attivo deception platform. It is notable that Gartner is recommending deception technology as a top 10 strategic technology trend for 2018 and views Attivo Networks as a market leader with the most mature and comprehensive portfolio.
Attivo ThreatDefend™ Deception and Response Solution:
The ThreatDefend™ Platform provides a powerful security control for early threat detection and for applying a proactive defense that can be used to change the asymmetry of an attack. As the most comprehensive and scalable platform on the market, Attivo dynamic traps, bait, and lures provide threat deception for today’s evolving attack surfaces including networks, cloud, data centers, remote offices, and specialized environments such as IoT, medical IoT, ICS-SCADA, POS, infrastructure, and telecommunications. By creating attractive and believable decoys, the solution turns the network into a virtual “hall of mirrors,” that disrupts an attacker’s reality and imposes increased cost as they are forced to decipher real from fake. One small mistake will reveal the attacker’s presence and force them to start over or abandon their efforts altogether. The ThreatDefend architectural approach also removes the debate of whether deception is best suited at the endpoint or within the network by providing both. Deployment at the endpoint and at the network level provides early and accurate detection of attacks from all threat vectors including reconnaissance, credential theft, Active Directory, and complex man-in-the-middle attacks. The company has also pioneered machine self-learning which automates the preparation, deployment, and maintenance of the deception environment. Ease of management combined with actionable high-fidelity alerts makes the ThreatDefend solution simple for organizations of all sizes to operate, without the need for adding incremental resources.
Attivo ThreatDefend Solution Differentiation
Unlike traditional detection offerings, the ThreatDefend platform doesn’t stop with detection alerts and goes further to provide organizations with tools for an Active Defense. Organizations also gain attacker threat intelligence for simplified incident response, threat hunting, and returning adversary risk mitigation. The ThreatDefend high-interaction attack analysis engine automatically correlates information and generates incident tracking reports along with insight into attack path and lateral movement. The collection of attacker TTPs, IOCs, and counterintelligence delivers invaluable intel into attacker capabilities, goals, and the information they are seeking to exfiltrate, which can be applied to stop perpetrators and to fortify defenses. The platform’s extensive native 3rd-party integrations automate the sharing of IOC information, accelerate incident handling, and create repeatable incident response playbooks for efficiency in threat remediation.
Throughout history, deception has been used in military warfare, sports, and gambling to outsmart adversaries. Attivo Networks is now successfully applying threat deception in cybersecurity and empowering organizations of all sizes and industries to gain the upper hand against attackers. Please visit www.attivonetworks.com for more information or read the company blogs.
About the Author
Carolyn Crandall is the Chief Deception Officer/CMO of Attivo Networks. She is a technology executive with over 25 years of experience in building emerging technology markets in security, networking, and storage industries. She has a demonstrated track record of successfully taking companies from pre-IPO through to multibillion-dollar sales and has held leadership positions at Cisco, Juniper Networks, Nimble Storage, Riverbed, and Seagate. Carolyn is recognized as a global thought leader in technology trends and for building strategies that connect technology with customers to solve difficult information technology challenges. Her current focus is on breach risk mitigation by teaching organizations how to shift from a prevention-based security infrastructure to one of an active security defense based on the adoption of deception-based technology. As the Chief Deception Officer at Attivo Networks, she is an active evangelist on security innovation and speaker at CISO forums and industry events. She has been a guest on Fox News and has presented at the CSO50 Conference, ISSA International, NH-ISAC, ISMG Healthcare Summit, Santa Clara University, and on multiple technology education webinars. She is also an active blogger and byline contributor.
2018 Reboot Leadership Honoree (CIO/C-Suite): SC Media
2018 Marketing Hall of Femme Honoree: DMN
2018 Business Woman of the Year: CEO Today Magazine
Power Woman: Everything Channel (CRN): 7 years