sb-au logo
Story image

Attivo Networks improves EDN solution with advanced features

Attivo Networks has added new capabilities to its Endpoint Detection Net (EDN) solution to raise the lateral movement detection bar and catch advanced cyber criminal techniques.

Specifically, the new capabilities prevent attackers from fingerprinting an endpoint and from conducting reconnaissance.

The new EDN Deflect functionality aids businesses in providing alerts to unauthorised host and service scanning. It identifies connection and reconnaissance attempts and isolates the attacker by redirecting them to decoys for engagement, without interfering with production services or ports.

Attivo Networks vice president of security research Venu Vissamsetty says, “The EDN Deflect feature increases the resistance in the network by preventing an attacker from moving laterally and fingerprinting network and application services.

“By detecting unauthorised ingress and egress connections both at the source and at the destination, security defenders gain real-time visibility along with conclusive detection alerts.”

Key features of Attivo Deflect include: the ability to redirect attackers scanning closed ports on protected hosts to decoys for engagement; the ability to redirect failed outbound connections from protected endpoints to decoys for engagement; and the ability to make every endpoint a trap and preventing fingerprinting of network services.

Furthermore, it provides real-time visibility and conclusive detection into every attack before it moves off an endpoint; it provides active detection and prevention capabilities at both the source and destination; and it isolates and investigates suspicious endpoints without external tools.

Attivo Networks states that attackers use fingerprinting to identify targets, decide which vulnerabilities to exploit, and determine how to successfully interact with them.

According to the company, attempts by attackers to fingerprint an endpoint are regularly missed due to the complexity of tracking, analysing, and alerting on all of an endpoint’s communications traffic.

When attackers successfully breach an endpoint and get a foothold inside a network - known as breakout time and estimated to average just under nine hours - they spread to other systems by probing for open ports and fingerprinting network services.

Furthermore, research shows that only 4% of reconnaissance activity generates an alert, and security controls miss 54% of techniques used to test lateral movement detection.

Attackers fingerprint target hosts by probing for open ports they can attack (HTTP/HTTPS, remote desktop, SSH, MSSQL, etc.), and then either run exploits against their vulnerabilities or find misconfigurations or weak passwords to compromise them.

Unlike traditional security solutions, the new functionality of Attivo Networks' EDN is able to redirect suspicious endpoint inbound or outbound traffic to decoys for attacker engagement.

The EDN solution with the Deflect function is available immediately.

Story image
City council in Queensland goes digital with Rubrik
“By using our data effectively, the possibilities are endless — we can improve internal efficiency, deliver strategic benefits, or drive greater economic, community, and environmental value."More
Story image
Video: 10 Minute IT Jams - Bitglass director on all things SASE
This is our second IT Jam with both Bitglass and Jonathan Andresen, who is the company's senior director of marketing. In this video, Jonathan discusses all things related to Secure Access Service Edge (SASE): its advantages over traditional security tech, what enterprises should look for, and how SASE relates to cloud-delivered secure web gateways.More
Story image
Latest DDLS certification equips IT professionals with in-demand security skills
DDLS has introduced the Certified Secure Software Lifecycle Professional (CSSLP) certification from (ISC), a significant addition to its cybersecurity portfolio.More
Story image
emt Distribution brings Netsparker security solutions to A/NZ and APAC market
emt Distribution has announced it will bring enterprise-level Netsparker dynamic application security testing solution to Australia, New Zealand and APAC businesses.More
Story image
Financial firms exposing data through mismanaged access controls - Varonis
Almost two-thirds of the analysed firms leave more than 1000 sensitive files open for every employee to access.More
Story image
Kaspersky unveils two major update to its Transparency Initiative
The company has announced the opening of a new Transparency Center, as well as the ompletion of a widespread transferal of data storage and processing activities to Switzerland.More