sb-as logo
Story image

Attivo Networks improves EDN solution with advanced features

Attivo Networks has added new capabilities to its Endpoint Detection Net (EDN) solution to raise the lateral movement detection bar and catch advanced cyber criminal techniques.

Specifically, the new capabilities prevent attackers from fingerprinting an endpoint and from conducting reconnaissance.

The new EDN Deflect functionality aids businesses in providing alerts to unauthorised host and service scanning. It identifies connection and reconnaissance attempts and isolates the attacker by redirecting them to decoys for engagement, without interfering with production services or ports.

Attivo Networks vice president of security research Venu Vissamsetty says, “The EDN Deflect feature increases the resistance in the network by preventing an attacker from moving laterally and fingerprinting network and application services.

“By detecting unauthorised ingress and egress connections both at the source and at the destination, security defenders gain real-time visibility along with conclusive detection alerts.”

Key features of Attivo Deflect include: the ability to redirect attackers scanning closed ports on protected hosts to decoys for engagement; the ability to redirect failed outbound connections from protected endpoints to decoys for engagement; and the ability to make every endpoint a trap and preventing fingerprinting of network services.

Furthermore, it provides real-time visibility and conclusive detection into every attack before it moves off an endpoint; it provides active detection and prevention capabilities at both the source and destination; and it isolates and investigates suspicious endpoints without external tools.

Attivo Networks states that attackers use fingerprinting to identify targets, decide which vulnerabilities to exploit, and determine how to successfully interact with them.

According to the company, attempts by attackers to fingerprint an endpoint are regularly missed due to the complexity of tracking, analysing, and alerting on all of an endpoint’s communications traffic.

When attackers successfully breach an endpoint and get a foothold inside a network - known as breakout time and estimated to average just under nine hours - they spread to other systems by probing for open ports and fingerprinting network services.

Furthermore, research shows that only 4% of reconnaissance activity generates an alert, and security controls miss 54% of techniques used to test lateral movement detection.

Attackers fingerprint target hosts by probing for open ports they can attack (HTTP/HTTPS, remote desktop, SSH, MSSQL, etc.), and then either run exploits against their vulnerabilities or find misconfigurations or weak passwords to compromise them.

Unlike traditional security solutions, the new functionality of Attivo Networks' EDN is able to redirect suspicious endpoint inbound or outbound traffic to decoys for attacker engagement.

The EDN solution with the Deflect function is available immediately.

Story image
2020 sees a global shift in financial malware threats
The financial threat landscape experienced a game-changing pandemic year, according to a new report from Kaspersky.More
Story image
ESET reveals APT groups exploiting Microsoft Exchange vulnerabilities
A number of advanced persistent threat (APT) groups are exploiting the latest Microsoft Exchange vulnerabilities, according to new ESET research.More
Story image
IT leaders prioritising automation, Zero Trust and API-based security investments
"The study shows that a cocktail of multiplying threats, the proliferation of hybrid and cloud architectures, blended with a pandemic-fuelled explosion in distributed and remote work has created a perfect storm for network security teams."More
Story image
Exploits on organisations doubling every two to three hours after news of Microsoft Exchange’s four zero-day vulnerabilities
The race has started between hackers and security professionals following the disclosure of vulnerabilities on Microsoft Exchange Servers, according to Check Point Research.More
Story image
Fortinet achieves 400 integrations of Open Fabric Ecosystem
Fortinet EVP of products and CMO John Maddison says that the ecosystem aims to improve security, reduce complexity, and simplify operations. More
Story image
Cybersecurity budgets still not keeping up with threats — report
Executive teams are failing to recognise the level of damage cyber-threats pose to organisations, according to Sophos — many of them taking a ‘conservative approach’ to cybersecurity expenditure.More