sb-eu logo
Story image

Attivo Networks improves EDN solution with advanced features

Attivo Networks has added new capabilities to its Endpoint Detection Net (EDN) solution to raise the lateral movement detection bar and catch advanced cyber criminal techniques.

Specifically, the new capabilities prevent attackers from fingerprinting an endpoint and from conducting reconnaissance.

The new EDN Deflect functionality aids businesses in providing alerts to unauthorised host and service scanning. It identifies connection and reconnaissance attempts and isolates the attacker by redirecting them to decoys for engagement, without interfering with production services or ports.

Attivo Networks vice president of security research Venu Vissamsetty says, “The EDN Deflect feature increases the resistance in the network by preventing an attacker from moving laterally and fingerprinting network and application services.

“By detecting unauthorised ingress and egress connections both at the source and at the destination, security defenders gain real-time visibility along with conclusive detection alerts.”

Key features of Attivo Deflect include: the ability to redirect attackers scanning closed ports on protected hosts to decoys for engagement; the ability to redirect failed outbound connections from protected endpoints to decoys for engagement; and the ability to make every endpoint a trap and preventing fingerprinting of network services.

Furthermore, it provides real-time visibility and conclusive detection into every attack before it moves off an endpoint; it provides active detection and prevention capabilities at both the source and destination; and it isolates and investigates suspicious endpoints without external tools.

Attivo Networks states that attackers use fingerprinting to identify targets, decide which vulnerabilities to exploit, and determine how to successfully interact with them.

According to the company, attempts by attackers to fingerprint an endpoint are regularly missed due to the complexity of tracking, analysing, and alerting on all of an endpoint’s communications traffic.

When attackers successfully breach an endpoint and get a foothold inside a network - known as breakout time and estimated to average just under nine hours - they spread to other systems by probing for open ports and fingerprinting network services.

Furthermore, research shows that only 4% of reconnaissance activity generates an alert, and security controls miss 54% of techniques used to test lateral movement detection.

Attackers fingerprint target hosts by probing for open ports they can attack (HTTP/HTTPS, remote desktop, SSH, MSSQL, etc.), and then either run exploits against their vulnerabilities or find misconfigurations or weak passwords to compromise them.

Unlike traditional security solutions, the new functionality of Attivo Networks' EDN is able to redirect suspicious endpoint inbound or outbound traffic to decoys for attacker engagement.

The EDN solution with the Deflect function is available immediately.

Story image
Surfshark rolls out WireGuard open source VPN protocol
When there is less code in a VPN, it is less susceptible to security vulnerabilities due to easier configuration and management, according to Surfshark.More
Story image
Gartner names ThreatQuotient a representative vendor for SOAR
The company is listed in Gartner’s 2020 Market Guide for Security Orchestration, Automation and Response Solutions.More
Story image
WatchGuard expands partner ecosystem, enables partners to grow security services footprint
Combining WatchGuard's Total Security Suite and Passport bundle allows partners to provide complete security from network to endpoint for their customers.More
Story image
Video: 10 Minute IT Jams - protecting data with user behaviour analytics
In this video, Forcepoint senior sales engineer and solutions architect Matthew Bant discusses the company's DLP solution, the importance of integrating compliance into security solutions, and why cybersecurity strategies should take a more people-based approach.More
Story image
Interview: How cyber hygiene supports security culture - ThreatQuotient
We spoke with ThreatQuotient’s APJC regional director Anthony Stitt to dig deeper into cyber hygiene, security culture, threat intelligence, and the tools that support them.More
Story image
BlueVoyant acquires Managed Sentinel, builds out Microsoft MSS offerings
“Combining Managed Sentinel’s Azure Sentinel deployment expertise with BlueVoyant’s MDR capabilities will help customers operationalise and maximise Microsoft security technologies."More