Attivo Gets Unconventional About Attack Surfaces

New Decoy Capabilities Added to Deceive Attackers Seeking Back Alley Points of Entry

FREMONT, Calif., Aug. 01, 2018 (GLOBE NEWSWIRE) -- Attivo Networks®, the award-winning leader in deception for cybersecurity threat detection, announced today that the company has enhanced its portfolio with new deception techniques designed to derail attacks targeting non-traditional attack surfaces. In addition to Internet-of-Things (IoT) and operational technology, attackers are now targeting devices and applications that can be harder to secure than standard servers and desktops. These devices and applications are increasingly being targeted by adversaries looking for the weak link in an organization’s network. The company’s new technology enhancements will provide organizations the comprehensive threat detection coverage required for today’s age of ever-evolving attack surfaces and threat landscape.

This announcement builds upon the company’s current ThreatDefend™ deception portfolio, which already supports servers, cloud, user networks, and specialized environments such as IoT, SCADA, and POS. Attivo deception works by creating decoys and application, data, and credential bait designed to deceive and misdirect an attacker into engaging. Environmental authenticity is critical for tricking the attacker. Regardless of the operating environment, Attivo decoys can be set up to mirror the production environment. This is achieved by creating decoys that share the same network characteristics and run the same operating systems, services, and applications as seen in the specific environment, making decoys indistinguishable from company assets. With traps and lures throughout the phases of an attack, deception quickly reveals an attacker’s presence in the network as they look to harvest credentials, reconnoiter the network, or attempt to move laterally to escalate their attack.

“It is clear that attackers are becoming increasingly sophisticated and with the strong adoption of deception technology, they are beginning to anticipate deception technology in corporate networks,” said Tushar Kothari, CEO of Attivo Networks. “As a result, it is imperative that deception is authentic to be attractive to attackers and effective at deceiving them. Attivo anticipated this and has added specialized device and application decoys for early detection of attacks and real-time visibility into attacker activity, regardless of threat vector.”

Specialized Devices

Attivo has added the following to its specialized device deceptions. Current specialized decoys include IoT, Medical IoT, POS, and ICS-SCADA devices.

  • Cisco Routers: native decoys for virtual Cisco routers
  • Cisco Switches: native decoys for virtual Cisco switches
  • Cisco Telephony Network Devices: native decoys for virtual CUCM Cisco telephony

Network devices have their own sets of vulnerabilities, and attackers target these systems because organizations don’t often replace them once installed. With network device decoys, organizations now have a way to alert when attackers target their network communications infrastructures.

Specialized Services and Applications

Attivo has added the following specialized services and application deceptions. Current specialized applications include web services, remote access, file transfer, database, and SWIFT web application deceptions.

  • Camera Streaming Server: native support for Real Time Streaming Protocol
  • Docker Apps: TD and native support for containerized apps
  • Big Data: native support for MongoDB, Elastic Search, and Redis
  • Retail Web Portal: native support for web portal application with database back-end
  • Printers: native support for print servers, print managers, and printer decoys  

Adding native support for additional specialized services and applications increases the decoy’s out-of-the-box authenticity while giving organizations decoy capabilities that alert when attackers attempt to compromise them. These added capabilities increase the breadth and depth of Attivo deception.

“As the attack surface continues to expand, organizations are increasingly seeking solutions that provide early detection and visibility for specialty environments,” said Rik Turner, Principal Analyst at Ovum. “Because of its efficacy, deception technology is now entering the mainstream and will soon be in the armory of most businesses. Attivo in particular provides highly authentic deception across an organization’s network, including difficult-to-secure environments such as IoT, network, and telephony infrastructure.” 

These new enhancements are also a direct response to reducing the time an attacker remains undetected in a network. This issue, known as dwell time, currently averages over 100 days (FireEye/Mandiant 2018 M-Trends report), which provides the time required for adversaries to successfully execute an attack. Unconventional attack surfaces can be difficult to secure and may not be monitored at the same levels as other devices, leaving exposed points of entry for attackers to establish a foothold and quietly exploit the network. The expansion of the ThreatDefend deception capabilities now provides the visibility and early detection for some of the most difficult entry points to secure, effectively reducing dwell time by quickly and accurately detecting threats.

Specialized Deception
ThreatDefend™ Detection and Response Platform

About Attivo Networks
Attivo Networks® is the leader in dynamic deception technology for the real-time detection, analysis and forensics of cyber-attacks. The Attivo Deception Platform provides inside-the-network threat detection for user networks, data centers, clouds, and ICS-SCADA environments. Not reliant on known signatures or attack patterns, Attivo uses high-interaction deception techniques based on Attivo BOTsink® engagement servers to lure attackers into revealing themselves. Combined with the Attivo End-Point Deception Suite, advanced luring technology is deployed to detect the use of stolen credentials, ransomware, and targeted attacks. Comprehensive attack analysis and forensics provide actionable alerts and can be set to automatically block and quarantine attacks for accelerated incident response. For more information, visit


Christina Adams
Attivo Networks

Loren Guertin
Matter Communications for Attivo Networks