sb-nz logo
Story image

Attivo Networks improves EDN solution with advanced features

Attivo Networks has added new capabilities to its Endpoint Detection Net (EDN) solution to raise the lateral movement detection bar and catch advanced cyber criminal techniques.

Specifically, the new capabilities prevent attackers from fingerprinting an endpoint and from conducting reconnaissance.

The new EDN Deflect functionality aids businesses in providing alerts to unauthorised host and service scanning. It identifies connection and reconnaissance attempts and isolates the attacker by redirecting them to decoys for engagement, without interfering with production services or ports.

Attivo Networks vice president of security research Venu Vissamsetty says, “The EDN Deflect feature increases the resistance in the network by preventing an attacker from moving laterally and fingerprinting network and application services.

“By detecting unauthorised ingress and egress connections both at the source and at the destination, security defenders gain real-time visibility along with conclusive detection alerts.”

Key features of Attivo Deflect include: the ability to redirect attackers scanning closed ports on protected hosts to decoys for engagement; the ability to redirect failed outbound connections from protected endpoints to decoys for engagement; and the ability to make every endpoint a trap and preventing fingerprinting of network services.

Furthermore, it provides real-time visibility and conclusive detection into every attack before it moves off an endpoint; it provides active detection and prevention capabilities at both the source and destination; and it isolates and investigates suspicious endpoints without external tools.

Attivo Networks states that attackers use fingerprinting to identify targets, decide which vulnerabilities to exploit, and determine how to successfully interact with them.

According to the company, attempts by attackers to fingerprint an endpoint are regularly missed due to the complexity of tracking, analysing, and alerting on all of an endpoint’s communications traffic.

When attackers successfully breach an endpoint and get a foothold inside a network - known as breakout time and estimated to average just under nine hours - they spread to other systems by probing for open ports and fingerprinting network services.

Furthermore, research shows that only 4% of reconnaissance activity generates an alert, and security controls miss 54% of techniques used to test lateral movement detection.

Attackers fingerprint target hosts by probing for open ports they can attack (HTTP/HTTPS, remote desktop, SSH, MSSQL, etc.), and then either run exploits against their vulnerabilities or find misconfigurations or weak passwords to compromise them.

Unlike traditional security solutions, the new functionality of Attivo Networks' EDN is able to redirect suspicious endpoint inbound or outbound traffic to decoys for attacker engagement.

The EDN solution with the Deflect function is available immediately.

Story image
Video: 10 Minute IT Jams - protecting data with user behaviour analytics
In this video, Forcepoint senior sales engineer and solutions architect Matthew Bant discusses the company's DLP solution, the importance of integrating compliance into security solutions, and why cybersecurity strategies should take a more people-based approach.More
Story image
Secureworks: Remote working exposes new security vulnerabilities
New vulnerabilities have been exposed as IT teams across the world respond to the ongoing COVID-19 pandemic.More
Story image
Video: 10 Minute IT Jams - Who is LogRhythm?
LogRhythm VP of sales for Asia Pacific Simon Howe, who discusses the company's primary offerings and services, what products the company is focused on for the future, and the infrastructure it has in the A/NZ market.More
Story image
Cisco report: Remote working is here to stay, making cybersecurity a top priority
"With this new way of working here to stay and organisations looking to increase their investment in cybersecurity, there’s a unique opportunity to transform the way we approach security as an industry to better meet the needs of our customers and end-users.”More
Story image
Education sector most at risk of DNS attacks - with a steep cost
84% of education organisations surveyed have been hit by DNS attacks, with each suffering an average of eight attacks.More
Story image
Revealed: Imperva publishes research on decade old botnet, responsible for millions of attacks
Imperva Research Labs has revealed findings of a six-month intensive investigation into a botnet that has been exploiting CMS vulnerabilities.More