SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Attivo integrates with Azure for greater IoT threat protection
Fri, 28th Feb 2020
FYI, this story is more than a year old

Attivo Networks has integrated with Microsoft Azure Security Center for IoT. Together the organisations will deliver a solution designed for detection and response to attackers targeting Azure IoT Edge devices.

Attivo Networks is a specialist in cybersecurity threat detection. This integration extends the ThreatDefend platform to up the ante for security on the Azure service.

According to Microsoft, the intelligent edge is a prime target for attackers, and as such Azure IoT Edge actively addresses these risks by collaborating with security companies such as Attivo who are proficient at detecting attackers in these emerging environments.

The integration provides customers a reliable way to detect, redirect, and respond to in-network attackers.

Attivo Networks VP security research Venu Vissamsetty says, “Efficiently detecting cloud-based attacks on containers and Internet of Things (IoT) devices remains a significant challenge for legacy security controls.

“We are excited to partner with Microsoft to deliver the visibility, early detection, and accelerated response that organisations need to combat advanced attackers and leverage the maximum benefits of the Intelligent Edge.

Microsoft CTO and GM cloud and AI security division, Michael Braverman-Blumenstyk says, “At Microsoft, were committed to providing a trusted, easy-to-use platform that allows customers to securely build and unlock the value of their IoT deployments.

“Our collaboration with Attivo Networks strengthens the security framework of Azure Security Center for IoT Edge with effective, deception-based detection, enabling organisations to meet evolving security needs.

Azure IoT Edge is a managed service based on Azure IoT Hub. Utilising this, Organisations can deploy cloud workloads to run on IoT edge devices via standard containers.

By moving certain workloads to the edge of the network, devices spend less time communicating with the cloud, react quicker local changes, and operate reliably even in extended offline periods, Microsoft states.

The joint Attivo ThreatDefend and Azure IoT Edge solution deploys Azure IoT modules as decoys for early and accurate threat detection.

Security teams can also deploy ThreatDetect forwarders in remote IoT edge devices from the Azure IoT Hub console and project deception at scale across the enterprise cloud, IoT, industrial, and medical networks to protect their entire infrastructure.

This jointly developed solution is available in the Azure Marketplace. The Attivo ThreatDefend solution creates a fabric of deceptive assets that proactively deceive and redirect attackers into revealing themselves, the company states.

When attackers target IoT edge devices, attempting to conduct reconnaissance or move laterally, they will discover assets that appear identical to production systems.

Any active observation will cause the attack to be redirected into the deception environment, Attivo states.

The solution then raises an engagement-based alert that automatically notifies the Azure Security Center. Additionally, forensics and company-specific intelligence on the attack are gathered and can be used for understanding attacker methods, intent, and strengthening security defences, according to the company.