Intelligent CIO North America Issue 02 | Page 68

INTELLIGENT BRANDS // Enterprise Security

Attivo Networks announces endpoint capabilities that catch attackers at ‘hello’

Attivo Networks, an award-winning leader in cyber deception and attacker lateral movement threat detection, has introduced new capabilities to its Endpoint Detection Net (EDN) solution that prevent attackers from fingerprinting an endpoint to identify security weaknesses and from conducting reconnaissance.

Attackers use fingerprinting to identify targets, decide which vulnerabilities to exploit and determine how to successfully interact with them. Unlike traditional security solutions, these new capabilities proactively redirect suspicious endpoint inbound or outbound traffic to decoys for attacker engagement.
The new EDN Deflect functionality provides alerts to unauthorized host and service scanning, which is critical because other security controls typically do not generate an alert for these types of activities.
Attempts by attackers to fingerprint an endpoint are regularly missed due to the complexity of tracking, analyzing and alerting on all of an endpoint’s communications traffic.
When attackers successfully breach an endpoint and get a foothold inside a network (known as ‘breakout time’ and estimated to average just under nine hours) they spread to other systems by probing for open ports and fingerprinting network services.
Furthermore, research shows that only 4% of reconnaissance activity generates an alert, and security controls miss 54% of techniques used to test lateral movement detection.
The EDN solution, with its new Deflect function, identifies these connection and reconnaissance attempts and isolates the attacker by redirecting them to decoys for engagement, without interfering with production services or ports.
“The EDN Deflect feature increases the resistance in the network by preventing an attacker from moving laterally and fingerprinting network and application services,” said Venu Vissamsetty, Vice President of Security Research, Attivo Networks. “By detecting unauthorized ingress and egress connections both at the source and at the destination, security defenders gain real time visibility along with conclusive detection alerts.”
Attackers fingerprint target hosts by probing for open ports they can attack (HTTP/HTTPS, remote desktop, SSH, MSSQL, etc.), and then either run exploits against their vulnerabilities or find misconfigurations or weak passwords to compromise them.
The Attivo Deflect function gives power back to the defender by:
• Redirecting attackers scanning closed ports on protected hosts to decoys for engagement
• Redirecting failed outbound connections from protected endpoints to decoys for engagement
• Making every endpoint a trap and preventing fingerprinting of network services
• Providing real time visibility and conclusive detection into every attack before it moves off an endpoint
• Providing active detection and prevention capabilities at both the source and destination
• Isolating and investigating suspicious endpoints without external tools
These new deflection capabilities efficiently and accurately detect network and application fingerprinting as well as lateral movement, closing one more attack vector that threat actors are increasingly leveraging.