Attivo Networks, a provider of cybersecurity threat detection solutions, has announced new capabilities within its ThreatDefend Detection Platform that aim to anticipate and address methods an attacker will use to break out from an infected endpoint.
Protecting endpoints and preventing the spread of infected systems is a critical concern for organizations of all sizes, according to research revealing that attackers can move off of an initially compromised system in 4.5 hours, on average. Further, new research shows that the average dwell time—the time it takes to detect attackers operating within an enterprise network—increased an average of 10 days in 2019, from 85 to 95 days, highlighting the escalating requirement to secure endpoints and prevent an adversary from establishing a foothold.
As a result, CISOs and security managers are increasing their spending and allocating budget for network detection and response tools, staff skills training, and endpoint detection and response solutions.
“Endpoints are the new battleground, and well-orchestrated detection and response capabilities are an organization’s greatest weapon against attackers,” said Srikant Vissamsetti, senior vice president of engineering at Attivo Networks. “The new Endpoint Detection Net offering provides organizations of all sizes an efficient and effective way to derail an attacker’s lateral movement before they can establish a foothold or cause material harm.”
The Attivo Endpoint Detection Net product is tackling endpoint security challenges head-on by making every endpoint a decoy designed to disrupt an attacker’s ability to break out and further infiltrate the network. It does this without requiring agents on the endpoint or causing disruption to regular network operations.
The company says its approach to detection specifically focuses on reducing the time an attacker can remain undetected and the amount of effort required for an organization to restore environments to normal operations. This new Endpoint Detection Net offering will also serve as a powerful protection force-multiplier for businesses using endpoint protection and endpoint detection and remediation solutions by closing detection gaps and facilitating automated incident response.
The Endpoint Detection Net solution elevates security control by accurately raising alerts and taking proactive measures to derail attackers. These capabilities include early attack detection based on:
- Unauthorized Active Directory queries from an endpoint.
- Theft of local credentials.
- Attempts to compromise file servers by moving to mapped shares.
- Network reconnaissance to find production assets and available services.
- Man-in-the-Middle attacks where attackers try to steal credentials in transit.
- Identifying the available attack paths that an attacker would take to move about the network.
For more information, visit www.attivonetworks.com.