sb-as logo
Story image

Attivo Networks improves EDN solution with advanced features

Attivo Networks has added new capabilities to its Endpoint Detection Net (EDN) solution to raise the lateral movement detection bar and catch advanced cyber criminal techniques.

Specifically, the new capabilities prevent attackers from fingerprinting an endpoint and from conducting reconnaissance.

The new EDN Deflect functionality aids businesses in providing alerts to unauthorised host and service scanning. It identifies connection and reconnaissance attempts and isolates the attacker by redirecting them to decoys for engagement, without interfering with production services or ports.

Attivo Networks vice president of security research Venu Vissamsetty says, “The EDN Deflect feature increases the resistance in the network by preventing an attacker from moving laterally and fingerprinting network and application services.

“By detecting unauthorised ingress and egress connections both at the source and at the destination, security defenders gain real-time visibility along with conclusive detection alerts.”

Key features of Attivo Deflect include: the ability to redirect attackers scanning closed ports on protected hosts to decoys for engagement; the ability to redirect failed outbound connections from protected endpoints to decoys for engagement; and the ability to make every endpoint a trap and preventing fingerprinting of network services.

Furthermore, it provides real-time visibility and conclusive detection into every attack before it moves off an endpoint; it provides active detection and prevention capabilities at both the source and destination; and it isolates and investigates suspicious endpoints without external tools.

Attivo Networks states that attackers use fingerprinting to identify targets, decide which vulnerabilities to exploit, and determine how to successfully interact with them.

According to the company, attempts by attackers to fingerprint an endpoint are regularly missed due to the complexity of tracking, analysing, and alerting on all of an endpoint’s communications traffic.

When attackers successfully breach an endpoint and get a foothold inside a network - known as breakout time and estimated to average just under nine hours - they spread to other systems by probing for open ports and fingerprinting network services.

Furthermore, research shows that only 4% of reconnaissance activity generates an alert, and security controls miss 54% of techniques used to test lateral movement detection.

Attackers fingerprint target hosts by probing for open ports they can attack (HTTP/HTTPS, remote desktop, SSH, MSSQL, etc.), and then either run exploits against their vulnerabilities or find misconfigurations or weak passwords to compromise them.

Unlike traditional security solutions, the new functionality of Attivo Networks' EDN is able to redirect suspicious endpoint inbound or outbound traffic to decoys for attacker engagement.

The EDN solution with the Deflect function is available immediately.

Story image
Palo Alto Networks launches new SD-WAN solutions and enhancements
Palo Alto Networks has introduced two new SD-WAN appliances and enhancements to its next-generation SD-WAN solution, expanding the company’s CloudGenix SD-WAN solutions reach.More
Story image
Insider threat report reveals deception in the workforce
Insider threats come from people inside an enterprise, whether they divulge proprietary information with nefarious intentions, or are just careless employees that unwittingly share sensitive data, writes Bitglass product marketing manager Juan Lugo.More
Story image
Microsoft takes legal action to disrupt botnet and combat ransomware
Microsoft has announced it took action to disrupt a botnet, Trickbot, one of the world's most infamous botnets and prolific distributors of malware and ransomware.More
Link image
Why the threat of ransomware requires quality resources to keep it at bay
With this ransomware prevention kit, learn actionable tactics for IT departments on how to manage backups and enable staff so that ransomware is a managed and controlled risk.More
Story image
Five Eyes nations want legal access to backdoors to fight 'illegal content'
The nations argue that encryption can make the enforcement of public safety difficult, particularly when it comes to serious problems like child exploitation. More
Story image
Report reveals relationship between boardroom and cybersecurity investments
“While boards are definitely listening and stepping up with increased budget for cybersecurity, they tend to view any investment as a cost rather than adding business value."More