Attivo Networks, the leader in deception solutions for cybersecurity defense, today announced the release of its Adaptive Deception Campaigns, which use machine learning to create and automate the deployment of campaigns that bolster deceptions to address the evolving threat landscape and ever-changing attack surface. Adaptive campaigns are unique among security controls in that they change the asymmetry of attacks with their ability to change the network “game board” automatically or on demand based on suspicion that an attack is underway. This new power to reset deception throughout global networks at will gives security teams the offensive control to force the attacker to start over, make a mistake, give up or incur increased time and costs in their attempt to breach the network.
“Even if the attacker is close to checkmate, this reset will cause immediate uncertainty and dramatically increase the likelihood that their next move will be a mistake,” said Ed Amoroso, CEO, Tag Cyber LLC. “Regardless of whether they proceed as planned with the attack, their chance of error dramatically increases. Plus, with the ability for dynamic deception to fire up new decoys where there is suspicious activity, the attacker’s odds of success continue to plummet.”
The threat canvas is constantly changing, with more sophisticated human attackers and machine-automated attacks designed to exploit company security weaknesses and prey on human error. Earlier this year, Attivo released its Camouflage framework, which set the foundation for applying machine learning to its deception synthetic network. Deception networks are commonly referred to as synthetic because they mimic production assets and appear as real assets, credentials or other target bait in order to obfuscate the attack surface. Dynamic deception makes these decoys high-interaction, with real operating systems and “golden image” software (same images as production units), so that they blend in and are indistinguishable to the attacker. This is a vast improvement over early-generation deception, which used emulated images based on low interaction and, as such, was often easily detected. In its latest software release, Attivo took the Camouflage framework to the next level and applied the discovery and learning of the environment to auto-propose deception campaigns, simplifying the deployment and update of its network decoys, credential lures, and deception objects.
“It is not enough to only think like an attacker, one must know how to defend against them,” said Tushar Kothari, CEO, Attivo Networks. “Attivo continues to pioneer new ground for global scalability and deception technology advancements that put the offensive advantage back into the hands of the security team. We are exceptionally pleased with this new release as it can completely befuddle attackers and stop them in their tracks.”
Redefining scalability, the introduction of Adaptive Campaigns fully automates the deployment process, empowering organizations to create and update all deception in the network periodically or on demand. Adaptive Campaigns deliver an uncomplicated approach to rolling out and inserting highly attractive deception in the same networks as production assets, at the click of a button. Additionally, if it is believed an attack is underway, the ability to completely reset the deception environment can be an instrumental offensive measure to gain the upper hand. Whether the attacker is gathering information or attempting to harvest credentials, an environment reset will create uncertainty for the attacker, escalate the chances of them making a mistake, and increase their costs as they are forced to restart or abandon their attack. Security teams can embrace the automation benefits of Adaptive Deception Campaigns confidently because the Attivo deception architecture is not inline and doesn’t require agents on the endpoints, and as such, its changes will not impact other network operations.
Attivo Adaptive Deception Campaigns provide breakthrough scalability, which is critical for large network deployment and for instantly resetting the attack surface to stop an attacker from successfully completing a breach. With this new functionality, Attivo customers gain the power to non-disruptively discover the production environment, quickly roll out a new deception layer, reset the user “synthetic” network on demand, and redistribute cloud or data center decoys or distributed specialized systems such as point-of-sale (POS) networks, industrial control systems (ICS-SCADA) or Internet of Things (IoT) assets.