The threat landscape is changing, as are the attackers themselves. Attackers are becoming more skilled and finding new ways to tiptoe past an organization's perimeter. As organizations move their data to the Cloud, borders have become fuzzy and blurred with employees working remotely and checking e-mail on their mobile devices. Additionally, more everyday appliances are acquiring 'Smart' technology, meaning they are connected to the network and are therefore potential infiltration points. Even a company's break room refrigerator could become an attack target. While endpoint security alone is ineffective in today's always-connected environment, Deception works from within the network and functions with today's indistinct perimeters.
Deception Technology and Network Security Decoys
Deception Technology lures attackers to strategically placed, heavily-instrumented decoys throughout the network. When an attacker trips over one of these decoys, the solution is triggered to begin generating reports and recording the attacker's actions, providing reliable forensics to see what attackers are doing and where they are going in the network. Information provided allows security personnel to see what parts of the network attackers find attractive and enables predictive defense for when the attackers inevitably return.
Protection Network Infrastructure: On-Prem and Cloud
Attivo Networks' Deception Fabric covers the entire network - device endpoints, in-network, and in the Cloud. Endpoint decoys include false credentials, deceptive file shares, and 'breadcrumbs' leading an attacker deeper into traps. As soon as an attacker enters invalid credentials, Active Directory Recon notices the bogus credentials and triggers a response. In-network decoys can trick an attacker into thinking they are infiltrating the network through one of many types of devices - IoT devices, cameras, phones, routers, switches, or any 'Smart' device can be spoofed to misdirect an attack. Cloud data decoys can be placed in an internal private cloud, or a public cloud such as AWS, Azure, or Google. For example, false credential data can be placed in the Cloud, or fake credentials can be created that lead to other decoy cloud data.
Machine Learning with Centralized Management
It is a common misconception that Deception Technology is cumbersome. Machine learning, centralized management, and ubiquitous computing make Attivo Networks' solution easy to deploy. Setup can be completed in just an hour or two. The solution is dropped into place and set to listen, so it finds the VLANs it needs to protect. Within a brief period, the solution identifies what lives on which VLAN and offers a series of suggestions on how to protect your network. While some people believe that Deception is a "nice to have," rather than a "need to have" solution, the reality is that Deception is customer-proven to close the detection gap and improve security for inside-the-network threats.