Traditional prevention controls are not reliably stopping attackers, as the breaches reported nearly every week show. Attivo Networks takes a different approach: deception-based detection aimed at attackers who are already inside the network, having bypassed those prevention controls. The ThreatDefend platform also automates attack analysis and incident handling, shortening incident response time. Below is our interview with Carolyn Crandall, CMO at Attivo Networks:
Q: Carolyn, you’ve recently announced $15 Million Series B funding round; could you tell us something more?
A: Attivo Networks has seen significant interest and sales growth for deception-based threat detection over the past two years. The growing market opportunity and the technology leadership Attivo has created was extremely attractive to new investors. This infusion of capital will be used to fuel the next round of Attivo sales expansion and additional technology development.
The $15M in Series B funding included investments from Omidyar Technology Ventures, Bain Capital Ventures, Trident Capital Cybersecurity and Macnica Ventures.
Our $8M in Series A funding was completed in April 2015 and led by Bain Capital Ventures.
Q: Could you provide our readers with a brief introduction to Attivo Networks?
A: Attivo does this by delivering visibility to in-network threats, exposed attack paths, and through attack sequence visualization and replay. Additionally, Attivo automates attack analysis and reporting, while providing incident response automation through 3rd party integrations (Firewall, NAC, End-point, SIEM).
The solution is highly effective in detecting threats from all vectors including insider, stolen credentials, man-in-the-middle, ransomware, phishing, and advanced threats that are lurking within all types of networks including user networks, data centers, cloud, and specialty environments such as IoT/SCADA/POS.
Top vertical markets include: Financial, Healthcare, Technology, Energy, Retail, Government.
Top use cases include:
1. Early and Accurate Detection
• In-network Lateral Movement
• Stolen Credential & Man-in-the-Middle Attacks
• Insider, 3rd Party, Acquisition Integration
• Specialized Environments Detection IOT (medical devices), POS, SCADA
• Cloud and Data Center Security
2. Visibility and Streamlining Incident Response
• Exposed Credential & Attack Path Assessment
• Automation of Attack Analysis
• Evidence-based alerts & Incident Response Automations
Q: Could you tell us how your sophisticated deception technology works?
A: The Attivo ThreatDefend platform is designed to deceive an attacker into interacting with our deception servers. It is modular so organizations can add to the solution as needed to provide network decoys, end-point detection, network and attack path visibility, automated incident response and playbooks. The end result is that attackers, in order to avoid being detected, now must be “right” 100 percent of the time or risk having their presence discovered.
The solution starts with the Attivo BOTsink® solution, which uses dynamic deception and a matrix of distributed decoy systems and lures to turn an entire network into a trap that is designed to deceive in-network attackers into revealing themselves. The solution provides attack analysis, actionable alerts, and a dashboard to view and respond to threats.
The Attivo ThreatStrike Endpoint Solution is a customizable and non-intrusive deception-based detection technology that is used to detect targeted attacks on end-points and servers. It is an agentless technology that plants deception credentials, lures, and deception mapped and networked drives (as bait for ransomware or wiper attacks like WannaCry and Petya/NotPetya) that are used to misdirect and reveal attackers.
The ThreatPath solution provides attack path vulnerability assessments based on likely attack paths an attacker can traverse via misconfigured systems or credential misuse. Visual illustrations of attacker paths provide insight into risks, and clickable drill downs detail weaknesses and IP addresses for systems needing to be isolated and/or fixed.
The ThreatOps platform is designed to accelerate incident response by automatically taking disparate attack information and correlating and displaying it within one dashboard, where attacks can be scored according to severity and playbooks created. The playbooks can be used to create repeatable processes, simplifying incident response. Through 3rd party integration with prevention systems (Firewall, NAC, End-point, SIEM), attacks will automatically be blocked and quarantined, expediting response actions and preventing the attack from continuing to spread through the network. Additionally, through an Attivo end-point agent or through integration with end-point companies like Carbon Black, ForeScout, and McAfee, information is shared, empowering customers to threat hunt for forensic artifacts in other parts of the network and confirm that they have eradicated the attack.
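To make the detection mechanism behind the endpoint lures described above concrete, here is a small added example (written for this page, not Attivo's code) of the two checks a deception-based detector performs: flagging any authentication attempt that uses a planted decoy account, and flagging any change to a canary file planted on a decoy share. The log format, the decoy account name `svc_backup_admin`, the canary file name and the toy encryptor are all constructed for the example.

```python
"""Minimal deception-detection monitor: honeytoken credentials plus canary files.

Added illustration, not vendor code. The auth-log format, the decoy account
name, the canary file and the simulated encryptor are all constructed here.
"""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass

# Constructed sample authentication log in a hypothetical key=value format.
# 10.1.1.77 tries the planted decoy account once (fails) and then succeeds.
SAMPLE_AUTH_LOG = """\
2017-09-01T10:00:01Z host=fs01 user=alice src=10.1.1.20 result=success
2017-09-01T10:00:05Z host=fs01 user=svc_backup_admin src=10.1.1.77 result=failure
2017-09-01T10:00:09Z host=dc01 user=svc_backup_admin src=10.1.1.77 result=success
2017-09-01T10:00:12Z host=fs01 user=bob src=10.1.1.21 result=success
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>\S+)$"
)


@dataclass(frozen=True)
class Alert:
    kind: str    # "honeytoken-credential" or "canary-file"
    detail: str  # what was observed
    source: str  # source IP for credential use, "local" for file changes


def detect_honeytoken_use(log_text, honey_users):
    """Return an Alert for every authentication attempt with a decoy account.

    Failed attempts count too: no legitimate user or service ever references a
    planted credential, so even a wrong-password event proves the lure was
    harvested (e.g. from a credential-dumping tool) and is being replayed.
    """
    alerts = []
    for line in log_text.splitlines():
        m = AUTH_RE.match(line)
        if m and m["user"] in honey_users:
            alerts.append(Alert(
                "honeytoken-credential",
                f"{m['user']} on {m['host']} ({m['result']})",
                m["src"],
            ))
    return alerts


def plant_canary(share_dir, name="Q3_payroll.xlsx", content=b"decoy spreadsheet"):
    """Write a canary file into the decoy share; return (path, sha256 baseline)."""
    path = os.path.join(share_dir, name)
    with open(path, "wb") as f:
        f.write(content)
    return path, hashlib.sha256(content).hexdigest()


def check_canaries(baseline):
    """baseline: {path: sha256 at planting time}.

    A canary that is missing, renamed or rewritten means something touched the
    decoy share, which is exactly what an encryptor or wiper does first.
    """
    alerts = []
    for path, expected in baseline.items():
        if not os.path.exists(path):
            alerts.append(Alert("canary-file", f"{path} missing (deleted or renamed)", "local"))
            continue
        with open(path, "rb") as f:
            actual = hashlib.sha256(f.read()).hexdigest()
        if actual != expected:
            alerts.append(Alert("canary-file", f"{path} modified (possible encryption)", "local"))
    return alerts


def simulate_ransomware(share_dir):
    """Constructed stand-in for an encryptor: XOR each file, add an extension, drop the original."""
    for name in os.listdir(share_dir):
        p = os.path.join(share_dir, name)
        with open(p, "rb") as f:
            data = f.read()
        with open(p + ".locked", "wb") as f:
            f.write(bytes(b ^ 0x5A for b in data))
        os.remove(p)


def demo():
    """Run both checks on the constructed data; returns (credential_alerts, file_alerts)."""
    honey_users = {"svc_backup_admin"}  # hypothetical decoy account planted on endpoints
    cred_alerts = detect_honeytoken_use(SAMPLE_AUTH_LOG, honey_users)
    with tempfile.TemporaryDirectory() as share:
        baseline = dict([plant_canary(share)])
        assert check_canaries(baseline) == []  # untouched share: no alert
        simulate_ransomware(share)
        file_alerts = check_canaries(baseline)
    return cred_alerts, file_alerts


if __name__ == "__main__":
    for alert in sum(demo(), []):
        print(alert)
```

The design point worth noting is that both detectors have essentially no false-positive surface: the decoy account and the canary file have no legitimate users, so any interaction at all is evidence, and the source IP on the credential alert is immediately actionable (the host to quarantine).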
Q: Can you give us more insights into your services?
A: The Attivo ThreatDefend Detection Platform is a new class of deception-based threat detection that ups the game against attackers. The ThreatDefend platform is recognized for its comprehensive network and endpoint-based deception, which turns user networks, data centers, cloud, remote offices, and specialty environments such as IoT, ICS-SCADA, and POS systems into a “hall of mirrors” environment based on traps, lures, and breadcrumbs that will confuse, misdirect, and reveal the presence of attackers. Designed for efficiency, the platform is built for dynamic deception, which will use machine learning to learn environments, refresh deceptions, and respin after attacker engagement to avoid attacker fingerprinting. The platform is built for continuous threat management, which starts with deception-based detection of in-network threats and adds in automated attack analysis, forensic reporting, and 3rd party integrations (Firewall, NAC, end-point, SIEM) to accelerate incident response (block, quarantine, threat hunt). Visibility tools empower organizations to proactively strengthen overall security defenses by showing exposed attack paths and attacker movement in time-lapsed replay.
The ThreatDefend Platform is comprised of Attivo BOTsink engagement servers, decoys, and deceptions and the Multi-Correlation Detection Engine (MCDE), the ThreatStrike end-point deception suite, the Attivo Central Manager (ACM), ThreatPath and ThreatOps, which together create a comprehensive early detection and continuous threat management defense against today’s advanced threat actors.
Q: What is your plan for the next 12 months?
A: Over the next 12 months, Attivo Networks will continue to grow its customer base with companies of all sizes as well as the U.S. government. Attivo is one of the few deception companies authorized to sell into government agencies based on strict guidelines. At the same time, we will continue to educate the market on the value of deception and its benefits of visibility, early detection, and automations that reduce the time and complexity of incident response.
Additionally, Attivo Networks will continue to enhance the ThreatDefend platform, providing organizations the required tools to efficiently detect, defend, and respond to attacks from all attack types and phases, and an evolving set of attacker techniques. The company will continue its commitment to an adaptive defense with automated 3rd party attack information sharing, which can be applied to automate incident response and create repeatable incident handling playbooks.