Multi-Cloud Threat Detection Innovations Drive Cyber Deception Growth

February 4, 2020 Off By David
Object Storage

Attivo Networks, the award-winning leader in deception for cybersecurity threat detection, today announced significant market momentum for its cloud deception capabilities as new attack surfaces and security vulnerabilities continue to emerge within cloud-native or hybrid environments. Additionally, Cyber Defense Magazine recently named the Attivo ThreatDefend Platform a ‘Best Product’ for cloud security based on its ability to detect reconnaissance and lateral movement quickly, misdirect attacks, and generate engagement-based alerts on threats inside multi-cloud and serverless environments.

“Securing cloud environments comes with its own set of very specific requirements,” stated Srikant Vissamsetti, SVP, engineering of Attivo Networks. “We worked closely with our customer base to develop innovations that address the growing use of multi-cloud environments and the deployment of serverless technology. We are extremely pleased with the advantages our customers are experiencing in reducing their time to detection and speed in which they can respond to attacks.”

“Very rarely do you see technology that is both very easy to use and quick time to value – usually if you have one, you do not have the other,” said a CISO of a Fortune 500 Financial Services Firm. “Attivo was that unicorn technology where it was very easy to deploy and use. We were receiving value a few hours into our deployment.”

“We selected Attivo Networks for their global leadership and innovative work in threat detection technology,” said Gary Miliefsky, Publisher of Cyber Defense Magazine. “Data stored in the cloud is increasingly being targeted by both internal and external attackers,” he added. “We are impressed by Attivo’s ability to accurately and universally protect their client’s data and infrastructure, regardless of the cloud environment they have chosen.”

Validating the demand for deception-based detection, a recent Enterprise Management Associates survey found increased use of deception technology across the cloud (27%). These findings are consistent both with Attivo customer cloud deployments and as seen in a detection survey conducted in 2018 by Attivo Networks, where 62% of respondents rated cloud as the top attack surface of concern.

The 2019 SANS State of Cloud Security report further validated increasing cloud security challenges with 31% of organizations reporting that they had experienced unauthorized access to cloud environments or cloud assets by outsiders, compared with just 19% in 2017. To address this heightened risk, organizations are actively using deception technology to increase visibility and for early detection of attacks targeting cloud assets, data lakes, serverless and container-based architectures.

Leading detection innovation for the cloud, Attivo Networks has built customization solutions specifically for dynamic cloud environments and shared security models, so that customers can universally detect and defend against external, insider, and supplier threats found within Amazon Web Services (AWS), Microsoft Azure, Oracle Cloud, and Google Cloud Platforms (GCP).

Attivo cloud deception innovations include the ability to:

  • Place fake user and admin credentials and other access tokens that lure the adversary into the deception environment and raise an immediate alert of intrusion.
  • Set decoy landmines throughout the cloud network that trigger an alert when threat actors attempt to access decoy applications, storage buckets, databases, systems, or documents.
  • Create cloud-specific deceptions such as decoy storage buckets, containerized applications, cloud-based applications, and serverless functions to detect attacker activity targeting these objects.
  • Provide Active Directory (AD) deceptions that include fake AD environments, as well as the ability to alter query results to lead attackers to the decoys. Organizations can now conceal valuable enterprise resource information and derail attacks without impacting production as attackers will be unable to tell real from fake or to trust in their tools.
  • Redirect malicious activities and policy violations into the deception environment so that the organization can safely study the attack and gather Tactics, Techniques, and Procedures (TTPs), along with company-specific threat intelligence.
  • Offer a consolidated view of threats and facilitate third-party integrations for automated blocking, isolation, and threat hunting. Findings can also feed into standard SOC tools.