
Keeping Visibility and Security at Their Best


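No organization wants to be the next victim of a breach brought on by the rapidly changing IoT and mobility-enabled landscape, where well-funded attackers continue to launch increasingly sophisticated attacks. And with Verizon reporting that 70-90 percent of today's malware is unique to a specific company, making detection difficult, it's understandable why cyber threats may be keeping you awake at night.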

Even if your company hasn't encountered the dreaded zero-day attack, there is still plenty to worry about. In its "M-Trends 2016" report, cyber-security firm Mandiant noted that hackers spend an average of 146 days inside of systems before they're detected, regardless of the entry method. This is a generous amount of time for all types of vectors to establish a foothold, infect other systems, gather critical data and exfiltrate information.

That's why Attivo's "threat deception" solution is designed to fortify your defenses by quickly detecting in-network threats and creating high-fidelity alerts. It is especially potent when deployed in conjunction with Aruba ClearPass.

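Innovative partnership neutralizes threats in minutes
The Attivo ThreatMatrix Deception Platform essentially turns your entire network into an intelligent, self-learning malware mousetrap. It deceives and misdirects attackers by creating virtual decoy devices that lure them into engaging and revealing themselves. At the same time, Attivo alerts you in real time if your network, data center, cloud, industrial control systems (ICS), supervisory control and data acquisition (SCADA) systems or IoT devices are infected.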

By integrating with ClearPass, our combined solution enables the automatic quarantining, or disconnecting, of devices infected with attack vectors, including evasive polymorphic attacks. As a result, threats that once required days to locate and remove manually (after they were actually detected) can now be detected and neutralized almost immediately.

Attivo can also provide the attack's full Indicators of Compromise (IOC) for quick hunting and remediation.

Deception lures attackers and enables ClearPass to quarantine infections
The joint Attivo/Aruba solution leverages ClearPass Exchange, an open third-party integration platform for endpoint control and policy-based threat response.

[Figure: Attivo and Aruba integration chart]

Specifically, upon detecting an attack, Attivo dynamically and automatically alters itself, constantly generating fresh bait while remaining in stealth to even the most sophisticated attacker.

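Next, Attivo's technology identifies the type of attack and gathers forensic data, capturing the attacker's full tactics, techniques and procedures (TTPs) from infiltration to intrusion, along with various signatures and the attacker's command-and-control (C&C) information. In addition, it compiles the IP addresses of infected devices or systems, which can help automate the blocking and quarantining of compromised systems.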

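After this information is aggregated into syslog, it is converted into a Common Event Format (CEF) file. Attivo then interacts with ClearPass through the REST-based API in the Aruba solution. From there, ClearPass takes action based on the information Attivo provides, together with the policies the user has previously established.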
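To make the syslog-to-CEF hand-off described above concrete, here is an added example (not Attivo's or Aruba's code) that parses a CEF record, including its escaped `|` and `=` characters, and returns the infected host's address only if it validates. The sample line, the vendor and product strings and the severity threshold are constructed assumptions; the REST call to ClearPass is omitted because the page does not describe it.

```python
import ipaddress
import re

HEADER = ("version", "vendor", "product", "device_version",
          "signature_id", "name", "severity")
KEY = re.compile(r"(?:^|(?<=\s))(\w+)=")   # extension key before an unescaped '='
ESC = re.compile(r"\\(.)")

# Constructed sample: vendor, product, and field values are illustrative only.
SAMPLE = (r"<134>Jan 12 10:15:02 decoy01 CEF:0|ExampleVendor|Deception\|Sensor|"
          r"1.0|100|Decoy login attempt|9|src=10.20.30.40 dst=10.20.30.99 "
          r"msg=user\=admin tried SMB share")

def parse_cef(line):
    """Parse a syslog line carrying one CEF record into header fields + extension."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF record in line")
    body, parts, cur, i = line[start + 4:], [], [], 0
    while i < len(body) and len(parts) < len(HEADER):
        if body[i] == "\\" and i + 1 < len(body):   # \| and \\ are literals
            cur.append(body[i + 1])
            i += 2
            continue
        if body[i] == "|":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(body[i])
        i += 1
    if len(parts) < len(HEADER):
        raise ValueError("truncated CEF header")
    event, ext = dict(zip(HEADER, parts)), body[i:]
    keys = list(KEY.finditer(ext))
    event["ext"] = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)].strip()
        event["ext"][m.group(1)] = ESC.sub(
            lambda e: {"n": "\n", "r": "\r"}.get(e.group(1), e.group(1)), raw)
    return event

def quarantine_candidate(line, min_severity=7):
    """Return the validated source IP if the event meets the threshold, else None."""
    event = parse_cef(line)
    try:
        if int(event["severity"]) < min_severity:   # assumes numeric severity
            return None
        return str(ipaddress.ip_address(event["ext"].get("src", "")))
    except ValueError:
        return None   # malformed severity or address: do not act on it
```

Validating the address before it reaches any policy engine matters because the extension values originate from attacker-influenced activity on the decoy.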

Proven, award-winning technology protects prominent Fortune brands
In the real world, Attivo has proactively detected botnets, zombies and many other advanced threats that have evaded traditional security measures. Our zero-day detection capabilities have resulted in the discovery of threat vectors that are now part of global cyber security databases at industry leaders such as McAfee and Symantec.

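One example comes from the manufacturing world, where robots populate automated assembly lines. With Attivo and ClearPass resident, infiltration of ICS-SCADA systems can be prevented, along with the collateral financial damage to the affected company.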

What makes IoT vulnerable and what you can do about it
In the case of IoT, any type of industry can be involved – given the proliferation of network-connected door locks, surveillance systems, plumbing pipe monitors and more critical infrastructure, like fuel pump sensors and other energy controls.

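However, securing IoT devices is not always a top priority, and standards are slow to develop. Unfortunately, modern cyber criminals can (and do) use IoT as a virtual back door into a company's other wired and wireless networks, or as a launch pad for network attacks. This makes a more proactive stance critical to ensuring that IoT vulnerabilities are closed off.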

Regardless of your enterprise's size or type, and no matter how robust your resident protection methodologies, network attacks will persist as attackers continue devising new ways to outsmart even the best security prevention systems.

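With this in mind, your best security defense is a strong security offense. Denying attackers the time to carry out their activities is an extremely effective way to protect your network. The combined strengths of Attivo and ClearPass can help empower companies of all sizes by providing proactive attack detection and mitigation, along with the ability to accelerate incident response.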

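Marc Feghali is co-founder and vice president of product management at Attivo, an award-winning leader in deception technology for real-time detection, analysis and accelerated incident response to cyber attacks. The company, headquartered in Fremont, California, is trusted by companies across a wide range of industries, including the most prestigious Fortune brands.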
