SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

Video: 10 Minute IT Jams – Attivo Networks on threat detection using deception

Mon, 3rd Aug 2020

Cyber attackers face a new obstacle. Attivo Networks, a US-based cybersecurity vendor, is about to launch a novel feature that promises not only to detect intruders but to waste their time and resources.

Speaking with Tech Day, Attivo Networks solutions engineer Vlado Vidis explained the significance of the soon-to-be-released EDN Deflect feature, which introduces an advanced form of threat detection and deception to the marketplace.

"This feature is new, soon to be released, and it's something that defenders didn't have in their arsenal so far," Vidis said. "It's something new, something that can help them detect the attackers that have taken over a computer inside their network."

The premise is simple, but innovative. Once a computer is compromised, attackers typically start exploring the network, seeking valuable data or IT resources to exploit or ransom. Vidis described this as a critical moment: "The biggest vulnerability in everybody's network is the humans in front of the computers… with well executed phishing attacks, anybody is vulnerable, and once the computer is taken over, detection is what is needed."

Attackers usually probe what cybersecurity specialists call "dark address space" - portions of a corporate network not in use, or where no active devices communicate. This is where Deflect steps in.

"Deflect will detect these attempts, these probes, and will generate accurate alerts for the defenders so they can react, contain the attacker, and then remove the attacker," he explained.

The ability to spot such behaviour wasn't readily available before. While other tools may have previously attempted to flag unusual network scans, Vidis claims Deflect offers a step-change in accuracy and timeliness. "This is the first time that this can be traced, that the alerts are more accurate… so this is something that wasn't available before and that can really help defenders with their job," he said.

Deflect is billed as a versatile shield, capable of detecting a wide spectrum of cyber intrusions. "Really, any sort of attack can be detected using this technique," said Vidis. Whether it is common malware, information stealers, ransomware, or more sophisticated, human-directed attacks orchestrated by cyber criminals or even nation-state actors, Deflect is designed to pick up the telltale digital footprints.

"Enterprises are more and more common targets of state attackers these days," Vidis warned.

He continued: "Any attacker, once they get into the network, don't really know where they landed. They are going to look for something to steal, they are going to be scanning the network and touching empty spaces. Any outgoing connection to an unknown IP or unknown service on the network is going to be detected by Deflect and defenders can then take over and do their job."

But Deflect's capabilities don't end at detection. The system also aims to halt and discourage attackers through digital trickery. This is achieved via a deception technique.

"One of the features of the Attivo platform is called deception," Vidis explained. "Once an attacker tries to connect to an unknown IP or an IP that is not used, we will connect this session and we will redirect this attacker to a decoy. A decoy is a computer system or a service on the network with the specific purpose of detection - it doesn't contain any useful data."

Once inside the decoy, attackers find themselves in a digital dead end. They waste precious time and resources, often unaware they have been caught in a honeytrap. "They are going to be spending some time working out where they connected to. This will disorient them, this will confuse them, and this will waste their time," said Vidis. "It will make their attack more expensive. These days attackers are subject to economic pressures as everyone else and they will try to do attacks as cheaply as possible."

The hope, Vidis added, is that frustrated hackers may give up or simply move on to an easier target. "Delaying attackers is good because it allows defenders more time to react and to contain the attackers. The delaying tactic is really useful and again, something else defenders have got in their arsenal now."

Once an alert is triggered, Deflect provides clear, actionable information to help cyber security teams respond rapidly. "The first job for the defenders is to confirm the alert and get as much information as possible about the attacker so the response can be targeted and quick," Vidis noted.

The Attivo platform shows defenders which process is making connections to unknown address space, and which file is responsible. "Investigation is quick," he said. Endpoint isolation and removal from the network can then be performed remotely, containing the threat before it spreads.
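To make the mechanism described above concrete (probes into unused address space, steering the session to a decoy, and attributing the connection to a process and file), here is an added example of the same detection logic written for this page. It is not Attivo's code and does not reflect how EDN Deflect is implemented; the address inventory, the decoy address and the endpoint connection log are all constructed for the illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory (hypothetical, not Attivo data): the corporate range, the hosts
# known to be live inside it, and the (host, port) services those hosts are expected
# to offer. Any other address inside the range is "dark address space".
CORPORATE_RANGES = [ipaddress.ip_network("10.0.0.0/8")]
LIVE_HOSTS = {"10.0.1.5", "10.0.1.6", "10.0.2.10"}
KNOWN_SERVICES = {("10.0.1.5", 445), ("10.0.1.6", 3389), ("10.0.2.10", 443)}
DECOY_ADDRESS = "10.0.99.1"  # hypothetical decoy the flagged session would be steered to

# Constructed endpoint connection log, one event per line:
#   src pid process image dst dport
SAMPLE_LOG = """\
10.0.1.5 4120 svchost.exe C:\\Windows\\System32\\svchost.exe 10.0.1.6 3389
10.0.1.5 5532 update.exe C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe 10.0.3.1 445
10.0.1.5 5532 update.exe C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe 10.0.3.2 445
10.0.1.5 5532 update.exe C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe 10.0.3.3 445
10.0.1.6 7001 ssh.exe C:\\Windows\\System32\\OpenSSH\\ssh.exe 10.0.2.10 22
10.0.1.5 4120 svchost.exe C:\\Windows\\System32\\svchost.exe 203.0.113.7 443
"""


def parse_log(text):
    """Turn the whitespace-separated log into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, pid, process, image, dst, dport = line.split()
        events.append({"src": src, "pid": int(pid), "process": process,
                       "image": image, "dst": dst, "dport": int(dport)})
    return events


def classify(event):
    """Label one outgoing connection relative to the known address inventory."""
    dst = ipaddress.ip_address(event["dst"])
    if not any(dst in net for net in CORPORATE_RANGES):
        return "external"          # outside the corporate range: not this check's job
    if event["dst"] not in LIVE_HOSTS:
        return "dark_ip"           # nothing should ever talk to this address
    if (event["dst"], event["dport"]) not in KNOWN_SERVICES:
        return "unknown_service"   # live host, but a port it is not known to serve
    return "normal"


def detect(text):
    """Return an alert per probe into dark space or an unknown service, keeping the
    process and file responsible, and the decoy the session would be redirected to."""
    alerts = []
    for ev in parse_log(text):
        verdict = classify(ev)
        if verdict in ("dark_ip", "unknown_service"):
            alerts.append({**ev, "verdict": verdict, "redirect_to": DECOY_ADDRESS})
    return alerts


def scanners(alerts, min_targets=3):
    """Group dark-space alerts by (source host, process, image): a single process
    touching several unused addresses is the network-scanning pattern the article
    describes, and the grouping is what lets an analyst confirm the alert quickly."""
    targets = defaultdict(set)
    for a in alerts:
        if a["verdict"] == "dark_ip":
            targets[(a["src"], a["process"], a["image"])].add(a["dst"])
    return {k: sorted(v) for k, v in targets.items() if len(v) >= min_targets}


if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for a in found:
        print(f"{a['verdict']:16} {a['src']} pid={a['pid']} {a['process']} "
              f"-> {a['dst']}:{a['dport']} (redirect to {a['redirect_to']})")
    for (src, proc, image), dsts in scanners(found).items():
        print(f"scan-like: {src} {proc} ({image}) probed {len(dsts)} unused addresses")
```

The inventory-based check is deliberately simple: the value comes from the inventory being accurate, since a stale list of live hosts produces either noise (a new server flagged as dark space) or blind spots. The connection to the decoy is represented here only as a `redirect_to` field on the alert; actually steering the session is a network-layer function that this example does not attempt.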

Vidis is candid about the resource constraints facing IT teams. "Defenders' resources are always limited, there is always more attacks, there is always more investigations. So this is, as I said before, another tool in their arsenal, something that is useful for quick detection and quick response to most of the attacks these days."

With growing numbers of enterprises falling victim to cyber crime, Attivo Networks is eager to see Deflect in action. "We're really looking forward to bringing this feature to the market and seeing the feedback we see from our customers," Vidis said.

Asked for any final thoughts, he concluded: "Something else defenders have got in their arsenal now."
