The shift from prevention technology to deception and response

Ray Kafity, Vice President, Middle East, Turkey and Africa at Attivo Networks

Intelligent CIO caught up with Ray Kafity, Vice President, Middle East, Turkey & Africa at Attivo Networks to discuss the company’s forecast for upcoming industry trends and how they are witnessing new technologies such as IoT changing the threat landscape.

Q: Since the product launch in June this year, has Attivo made any adaptations to the ThreatDefend platform?

A: The ThreatDefend™ platform has new capabilities in the area of advanced cyber deception and luring techniques. These enhancements are designed for the increased depth in deceptions to address an evolving attack surface, scalability, ease of operations and enhancements for attacker counterintelligence, which can be used to strengthen security defences.

Q: What is the importance of distributor partnerships for Attivo?

A: Our partners are a critical component of the overall growth strategy. We’re selective with our partnerships because we want each partner to understand the Attivo value proposition and be able to effectively communicate the value of deception technology to end customers. Our partners are carefully selected based on the alignment of business models and their ability to support customers from both a sales and a technical perspective. These latest partnerships strengthen our ability to address the growing demand for deception technology in the market and to support our growing customer base.

Q: What IT trends do you see shaping the industry across the next two years?

A: Given the unrelenting number of breaches and cyberattacks, we expect to see a continued shift in the allocation of security budgets over the next two years. There will be an increased shift of budget from prevention security controls to detection and response technology. Organisations are now universally accepting that a 100% secure perimeter defence is not achievable and it is now a requirement to invest in detection technology to find threats early and efficiently, before the attacker can complete their mission and cause harm. Because of this shift, we also expect to see continued rapid adoption of deception technology as it helps organisations efficiently and accurately close and respond to detection gaps.

Q: What solutions does Attivo offer to help companies target increasing insider threats?

A: Insiders, contractors, and suppliers can be some of the trickiest threats to detect because they are already granted privileged access. Given the need to complete work tasks, facilitate information sharing or commerce, organisations must grant this collective group access to its networks and resources. This inherently puts them inside the firewall and allows them to bypass prevention security controls. Historical detection controls are also not tuned to detect the lateral movement of these individuals as they do internal reconnaissance and attempt to harvest credentials to escalate their attacks.

Attivo deception plays a critical role in identifying these threats. Deception is designed to lay traps and lures to attract both internal and external threat actors. The decoys are high interaction and appear identical to production assets and employee credentials; however, since they have no real ‘production value’, any attempt to interact with them or use the credential will result in an engagement-based alert, which accurately detects the nefarious actions. The decoys can also be an effective alert system as the actor attempts to plant malware or crack into Wi-Fi networks for enhanced access. We pride ourselves on the authenticity of our solution and have a long list of customer stories related to catching insiders and to catching penetration testers who have also fallen prey to our authentic deceptions.
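The answer above rests on one property: a decoy credential has no production value, so any logon attempt that names it, successful or failed, is a high-confidence alert. The script below is an added illustration of that detection logic and is not Attivo's code or the ThreatDefend platform's logic. The decoy account names, the log line format and the sample log lines are all constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

# Constructed decoy account names (honeytokens). They are planted where a
# credential-harvesting intruder would find them but are never used by any
# legitimate process, so any logon attempt naming them is suspect.
DECOY_ACCOUNTS: Set[str] = {"svc_backup_admin", "db_ro_legacy", "wifi_mgmt"}

# Constructed log format for this example (not any real product's format):
#   <timestamp> auth <success|failure> user=<name> src=<ip> host=<host>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>success|failure) "
    r"user=(?P<user>\S+) src=(?P<src>\S+) host=(?P<host>\S+)$"
)


@dataclass(frozen=True)
class DecoyAlert:
    """One engagement with a decoy credential."""
    ts: str
    user: str
    src: str
    host: str
    result: str


def parse_line(line: str) -> Optional[dict]:
    """Return the parsed fields of one auth log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def find_decoy_use(lines: Iterable[str], decoys: Set[str] = DECOY_ACCOUNTS) -> List[DecoyAlert]:
    """Flag every logon attempt, successful or not, that names a decoy account.

    A failed attempt matters as much as a successful one: the account has no
    production value, so merely knowing the name shows credential harvesting.
    """
    alerts: List[DecoyAlert] = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # unrelated or malformed line; not an auth event
        if ev["user"].lower() in decoys:
            alerts.append(DecoyAlert(ev["ts"], ev["user"], ev["src"], ev["host"], ev["result"]))
    return alerts


def sources_to_contain(alerts: Iterable[DecoyAlert]) -> Set[str]:
    """Source addresses that touched a decoy: candidates for an automated quarantine step."""
    return {a.src for a in alerts}


# Constructed sample log: three ordinary logons, two decoy engagements from
# one source address, and one non-auth line that the parser must skip.
SAMPLE_LOG = [
    "2017-11-02T08:01:10Z auth success user=alice src=10.1.4.22 host=fs01",
    "2017-11-02T08:03:41Z auth failure user=bob src=10.1.4.30 host=fs01",
    "2017-11-02T08:05:02Z auth failure user=svc_backup_admin src=10.1.7.91 host=fs01",
    "2017-11-02T08:05:09Z auth success user=db_ro_legacy src=10.1.7.91 host=db02",
    "2017-11-02T08:07:55Z auth success user=carol src=10.1.4.18 host=mail01",
    "this line is not an auth event",
]

if __name__ == "__main__":
    found = find_decoy_use(SAMPLE_LOG)
    for a in found:
        print(f"DECOY ENGAGEMENT {a.ts} user={a.user} src={a.src} host={a.host} result={a.result}")
    print("sources to contain:", sorted(sources_to_contain(found)))
```

The design point is that the decoy set is the whole detection rule: no behavioural baseline or signature is needed, because legitimate users never have a reason to present those names. `sources_to_contain` is where a response automation of the kind the interview mentions would hook in; here it only returns the addresses, leaving the containment action itself to the surrounding tooling.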

Q: Are companies currently putting enough focus on deception technology? Or is there more of a focus on prevention?

A: As breaches increase worldwide, organisations are looking for new ways to bolster their security defences and are rapidly adopting deception to close the detection deficit and as a key component of their overall network security strategy. Gartner is validating this shift from prevention to detection and response in their adaptive defence model and has gone so far as to identify deception as a recommended initiative for 2017.

Q: What new cyberthreats does Attivo see new technology developments such as IoT introducing?

A: The Internet of Things is increasing the attack surface. Anything connected to the Internet becomes vulnerable because it has a piece of software in there that people can leverage as a way into the network or as a device to compromise for exploitation or harm. Unfortunately, IoT innovation has come at the expense of security and presents risk associated with everything from medical devices to other operational technologies, which can put not only data at risk, but potentially harm patient care or human safety. It is imperative that, as we continue to innovate, security defences not be compromised. The next innovation that we see having a material impact on information security and safety will be containers; they will come with an ability to propagate attacks in a way that has not been seen before, increasing complexity and playing to the attacker’s advantage.

However, despite this evolving threat landscape and attack surface, deception technology is a highly effective technology for changing the asymmetry of the attack. With Attivo, organisations can configure the Attivo deception platform to look identical to the IoT supervisory devices, gateway control devices or other devices on their networks and deceive attackers into engaging. Once identified, attacks can be analysed, and automations applied so the attackers can be blocked and quarantined easily and efficiently. This early and accurate detection will give organisations the visibility and ability to respond before the attacker has time to lodge a full-fledged attack. Also, with its flexible architecture, the decoys can be configured to appear identical to devices on user networks, data centres, cloud, ROBO, telecommunications, and other specialised devices (ICS, IoT, POS), providing the flexibility to deploy deception across all environments in a manner that is attractive and authentic to the attacker.
