Attivo Networks has Launched Endpoint Capabilities that Catch Attackers at Hello

By CIOReview | Monday, July 27, 2020
Tushar Kothari, CEO

The Endpoint Detection Net solution raises the bar on lateral movement detection, detecting the techniques that other security controls miss.

FREMONT, CA: Attivo Networks, a company that provides cyber deception and attacker lateral movement threat detection, today introduced new capabilities for its Endpoint Detection Net (EDN) solution that prevent attackers from fingerprinting an endpoint to identify security weaknesses and from conducting reconnaissance. Attackers use fingerprinting to identify targets, decide which vulnerabilities to exploit, and determine how to interact with them successfully. Unlike traditional security solutions, the new capabilities proactively redirect suspicious inbound or outbound endpoint traffic to decoys for attacker engagement.

The EDN Deflect function can alert on unauthorized host and service scanning, which is critical because other security controls typically do not generate an alert for these activities. Attackers' attempts to fingerprint an endpoint are regularly missed due to the complexity of tracking, analyzing, and alerting on all of an endpoint's communications traffic. These new deflection capabilities efficiently and accurately detect network and application fingerprinting and lateral movement, closing one more attack vector that threat actors are increasingly leveraging.

Once attackers breach an endpoint to get a foothold inside a network, they spread to other systems by probing for open ports and fingerprinting network services. The time this takes is known as "breakout time" and is estimated to average just under nine hours. Furthermore, research shows that only 4 percent of reconnaissance activity generates an alert, and security controls miss 54 percent of techniques used to test lateral movement detection. The EDN solution can identify all connection and reconnaissance attempts and isolate the attacker by redirecting them to decoys for engagement, without interfering with production services or ports.

"The EDN Deflect feature increases the resistance in the network by preventing an attacker from moving laterally and fingerprinting network and application services," says Venu Vissamsetty, vice president of security research, Attivo Networks. "By detecting unauthorized ingress and egress connections both at the source and at the destination, security defenders gain real-time visibility along with conclusive detection alerts."

Attackers fingerprint target hosts by probing for open ports they can attack (HTTP/HTTPS, remote desktop, SSH, MSSQL, and so on). Then, they either run exploits against their vulnerabilities or find misconfigurations or weak passwords to compromise them. The Attivo Deflect function gives power back to the defender by:

- Redirecting attackers scanning closed ports on protected hosts to decoys for engagement

- Redirecting failed outbound connections from protected endpoints to decoys for engagement

- Making every endpoint a trap and preventing fingerprinting of network services

- Providing real-time visibility and conclusive detection into every attack before it moves off an endpoint

- Providing active detection and prevention capabilities at both the source and destination

- Isolating and investigating suspicious endpoints without external tools