ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK

Similar documents
ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS

SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE

WHITEPAPER ATTIVO NETWORKS DECEPTION TECHNOLOGY FOR MERGERS AND ACQUISITIONS

WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX

WHITEPAPER DECEPTION TO ENHANCE ENDPOINT DETECTION AND RESPONSE

Checklist for Evaluating Deception Platforms

WHITEPAPER DECEPTION FOR A SWIFT DEFENSE

Introduction to Threat Deception for Modern Cyber Warfare

The Art and Science of Deception Empowering Response Actions and Threat Intelligence

Stop Threats Before They Stop You

Integrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries

THE ACCENTURE CYBER DEFENSE SOLUTION

Cisco Firepower NGFW. Anticipate, block, and respond to threats

RSA INCIDENT RESPONSE SERVICES

McAfee Endpoint Threat Defense and Response Family

Reducing the Cost of Incident Response

Cisco Firepower NGFW. Anticipate, block, and respond to threats

HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS

Managed Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Stopping Advanced Persistent Threats In Cloud and DataCenters

RSA INCIDENT RESPONSE SERVICES

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

Manufacturing security: Bridging the gap between IT and OT

GDPR with Deceptive Technology Perspective

Building Resilience in a Digital Enterprise

McAfee epolicy Orchestrator

Cisco ISE Plus SIEM and Threat Defense: Strengthen Security with Context

Threat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ

WHITEPAPER ENDPOINT DETECTION AND RESPONSE BEYOND ANTIVIRUS PROACTIVE THREAT HUNTING AT THE ENDPOINT

with Advanced Protection

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

Securing the Software-Defined Data Center

Outwit Cyber Criminals with Comprehensive Malware and Exploit Protection.

CROWDSTRIKE FALCON FOR THE PUBLIC SECTOR

FOUR WAYS TO IMPROVE ENDPOINT SECURITY: MOVING BEYOND TRADITIONAL APPROACHES

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

AKAMAI CLOUD SECURITY SOLUTIONS

Achieving End-to-End Security in the Internet of Things (IoT)

Security Automation. Challenge: Automatizzare le azioni di isolamento e contenimento delle minacce rilevate tramite soluzioni di malware analysis

Cisco Cyber Range. Paul Qiu Senior Solutions Architect

Cisco Advanced Malware Protection (AMP) for Endpoints Security Testing

Integrating Okta and Preempt Detecting and Preventing Threats With Greater Visibility and Proactive Enforcement

Snort: The World s Most Widely Deployed IPS Technology

Managed Endpoint Defense

Teradata and Protegrity High-Value Protection for High-Value Data

RSA NetWitness Suite Respond in Minutes, Not Months

in collaboration with

Infoblox as Part of the Ecosystem

SOLUTION BRIEF RSA NETWITNESS NETWORK VISIBILITY-DRIVEN THREAT DEFENSE

Sobering statistics. The frequency and sophistication of cybersecurity attacks are getting worse.

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Cisco ASA Next-Generation Firewall Services

ForeScout ControlFabric TM Architecture

Cisco Network Admission Control (NAC) Solution

Software-Define Secure Networks The Future of Network Security for Digital Learning

McAfee Complete Endpoint Threat Protection Advanced threat protection for sophisticated attacks

Compare Security Analytics Solutions

SIEMLESS THREAT DETECTION FOR AWS

CloudSOC and Security.cloud for Microsoft Office 365

Deception: Deceiving the Attackers Step by Step

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

BUILDING SECURITY INTO YOUR DATA CENTER MODERNIZATION STRATEGY

Securing the Modern Data Center with Trend Micro Deep Security

How-To Threat Centric NAC Cisco AMP for Endpoints in Cloud and Cisco Identity Service Engine (ISE) Integration using STIX Technology

SIEM Solutions from McAfee

Security and Compliance for Office 365

Top 10 most important IT priorities over the next 12 months. (Percent of respondents, N=633, ten responses accepted)

First Look Showcase. Expanding our prevention, detection and response solutions. Marco Rottigni Chief Technical Security Officer, Qualys, Inc.

Proactive Approach to Cyber Security

Securing Privileged Access Securing High Value Assets Datacenter Security Information Protection Information Worker and Device Protection

Cisco Cyber Threat Defense Solution 1.0

Cognito Detect is the most powerful way to find and stop cyberattackers in real time

Sustainable Security Operations

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

ENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE

PROTECTION FOR WORKSTATIONS, SERVERS, AND TERMINAL DEVICES ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

Segment Your Network for Stronger Security

First Look Showcase. Expanding our prevention, detection and response solutions. Sumedh Thakar Chief Product Officer, Qualys, Inc.

MICRO-SEGMENTATION FOR CLOUD-SCALE SECURITY TECHNICAL WHITE PAPER

RiskSense Attack Surface Validation for IoT Systems

Automating the Top 20 CIS Critical Security Controls

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft

CyberArk Privileged Threat Analytics

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Advanced Malware Protection: A Buyer s Guide

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Agile Security Solutions

CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n

Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

McAfee Advanced Threat Defense

Medigate and Palo Alto Networks Integration

Cylance Axiom Alliances Program

CYBER ANALYTICS. Architecture Overview. Technical Brief. May 2016 novetta.com 2016, Novetta

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

Securing Devices in the Internet of Things

Transcription:

PARTNER BRIEF ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK INTRODUCTION Attivo Networks has partnered with Cisco Systems to provide advanced real-time inside-the-network threat detection, attack analysis, and improved automated incident response to block and quarantine infected end-points. HIGHLIGHTS Real-time Threat Detection Automated Quarantine and Blocking Expedited Incident Response Cross-platform Information Sharing THE CHALLENGE Network, system, and data compromises are occurring at an unrelenting pace and organizations across all industries are seeking innovative solutions to protect themselves. Security professionals understand that they have detection gaps inside their networks, and face mounting concerns about their ability to quickly detect and stop attackers from causing too much damage. Whether the attacker finds their way in through stolen credentials reuse, zero-day exploitation, ransomware attacks, or start off as an insider, they will establish a foothold and move laterally throughout the network until they complete their mission. Once attackers bypass the existing prevention mechanisms, they can easily move around the network 1

undetected by the security solutions in place. Organizations need a new approach to security to quickly detect and shut down these attacks, one that focuses on the threats that are inside the network and does not rely on typical measures such as looking for known signatures or matching attack patterns. This new method to detect attacks uses deception to deceive threats into revealing themselves and once engaged, can capture valuable attack forensics that can be used to block the attacker quickly from continuing or completing their mission. DECEPTION FOR IN-NETWORK THREAT DETECTION Organizations are actively turning to deception technology as the preferred security control for early and accurate detection of in-network threats. Some are first-time deception technology adopters, drawn to the accuracy and efficiency of the solution, while others are migrating off homegrown honeypot technology for additional accuracy and operational efficiency. Deception technology works by turning the network into a web of sensors with a maze of misdirection that tricks an attacker into engaging and revealing their presence. With deception in the network, the attacker need make only one small engagement mistake to reveal their presence. By being present at the network and endpoint layers, deception technology blankets the network with lures and traps designed to attract and engage an attacker during reconnaissance, lateral movement, while harvesting credentials, or when seeking to compromise Active Directory. Deception also addresses alert and log fatigue by only generating an engagement-based alert substantiated with threat and adversary intelligence. Advanced distributed deception platforms also save time and energy by providing automated analysis of each attack, capturing the attacker s valuable Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs); and by providing actionable intelligence of the attack for improved incident response and to better fortify the network. THE ATTIVO THREATDEFEND AND CISCO JOINT SOLUTION Recognized as the industry s most comprehensive deception solution, the ThreatDefend platform is comprised of the Attivo Networks BOTsink deception servers, ThreatStrike endpoint deception suite, ThreatPath for attack path visibility, ThreatOps for repeatable response playbooks, DecoyDocs for data loss tracking, ThreatDirect for deployment flexibility in micro-segmented, remote or branch environments, and the Attivo Central Manager (ACM) for enterprise deception and threat intelligence management. Together, these solutions create a comprehensive early detection and continuous threat management defense against information security threats. The BOTsink solution and the ThreatStrike suite are the main integrations with Cisco solutions. 2

The Attivo Networks BOTsink deception solution improves security in enterprise networks as well as private and public data centers by identifying in-network threats and infected devices in real-time. The Attivo BOTsink solution is based on a deception engagement server that lures attackers to engaging before they can infiltrate company production servers. The BOTsink solution uses dynamic application and server-level deception techniques, including the ability to deploy Cisco IOS decoys, to attract and engage attackers so it can collect forensic information about the infected endpoint, attacker IP address, and the methods and tools that an attacker is using. Frictionless in its deployment, the BOTsink solution easily scales to detect threats in the enterprise network and in private and public cloud environments. The BOTsink deception servers are also designed to detect both reconnaissance and targeted attacks. The integration of the Attivo ThreatDefend platform with the various Cisco solutions gives organizations real-time detection of cyberattacks and detailed forensics to proactively prioritize and address critical issues for prompt response, information sharing, and remediation. The ThreatStrike Suite includes deceptive credentials, lures, and mapped drives for ransomware attacks that bait and lead the attacker to the BOTsink solution engagement server. The engagement server captures the Indicators of Compromise (IOC) and full Techniques, Tactics, and Procedures (TTPs) of the attack. Security teams can install the ThreatStrike Suite at endpoints within the BOTsink solution user interface or through existing software delivery mechanisms for easy, frictionless deployment. When an attacker attempts usage of these credentials, the BOTsink solution raises a high-fidelity alert, empowering the security operations team to take quick incident response actions. Offered as a virtual machine, the ThreatDirect solution allows organizations to scale their deception deployment to remote and branch offices, the cloud, and to distributed and micro-segmented networks without the need for a local appliance. Because of its modular nature, the solution can run on almost any virtual environment, including the Cisco ISR 4000 series & ASR 1000 series devices that run a hypervisor and can host VMs natively. This gives organizations deployment flexibility in how they scale to remote locations. 3

ThreatDefend Deception & Response Platform Deception Plus Network Deception DECOYS Endpoint Deception CREDENTIALS DECEPTIONS Ransomware Bait Application Deception Data Deception DecoyDocs BOTsink Cloud, VM, Appliance ThreatStrike Agentless License VISIBILITY Attack Path Discovery: ThreatPath Network Visibility INCLUDED Substantiated Alerts Forensic Reporting Automated Attack Analysis & Replay Integrations for Auto-Response INCIDENT RESPONSE C2 Engagement Malware Analysis Repeatable Playbooks: ThreatOps OPERATIONS Central Manager Deception Test Tools THREATDEFEND PLATFORM INTEGRATION WITH CISCO ISE The Cisco Identity Services Engine (ISE) is a solution to streamline security policy management and reduce operating costs. With Cisco ISE, organizations can see users and devices controlling access across wired, wireless, and VPN connections to the corporate network. Cisco ISE allows organizations to provide highly secure network access to users and devices. It provides visibility into what is happening in the network, such as who is connected, which applications are installed and running, and much more. It also shares vital contextual data, such as user and device identities, threats, and vulnerabilities with integrated solutions from Cisco technology partners to identify, contain, and remediate threats faster. The ThreatDefend platform and Cisco ISE are integrated to offer customers a collective defense solution that empowers detection of real-time threats, gathering of attack analysis, manual or automated blocking of attacks, and quarantining of endpoints based on suspicious activity. The combined solution also offers a centralized portal that allows easy blocking of infected endpoints. Together, the solution enables continuous threat management through early detection, analysis, and remediation capabilities. 4

A vital part of the ThreatDefend platform, the BOTsink solution includes distributed decoy systems based on real operating systems and services for the highest levels of authenticity. The solution is dispersed across the network to lure the attacker into engaging with it. Once engaged, the attack continues to play out safely in the BOTsink solution environment, which in turn identifies the infected endpoints, the attacker IP address, and generates attack signatures to automatically send to the Cisco pxgrid platform. The BOTsink solution or the ThreatOps solution will then initiate endpoint policies enforcing the automated blocking and quarantining of the devices, thus preventing the attacker from completing their mission and providing organizations with an efficient solution for early detection of active attacks and prompt incident response handling of cyberattacks. Attivo ThreatDefend platform with the Cisco ISE platform allows customers to shorten response time with detailed insight provided by actionable dashboards with advanced queries and reports. CISCO ISE INTEGRATION TO AUTOMATICALLY QUARANTINE INFECTED END-POINTS 5

THREATDEFEND PLATFORM INTEGRATION WITH CISCO ASA Cisco Adaptive Security Appliance (ASA) Software is the core operating system that powers the Cisco ASA family of security devices. It delivers enterprise-class firewall and VPN capabilities and integrates with Cisco Intrusion Prevention System (IPS), Cisco Cloud Web Security, Cisco Identity Services Engine (ISE), and Cisco TrustSec for comprehensive security solutions that meet continuously evolving security needs. Cisco ASA Software is used in more than one million security appliances deployed throughout the world. The same core ASA Software supports a variety of form factors, including a wide range of standalone appliances, hardware blades that integrate with an organization s existing network infrastructure, and software that can secure and protect public and private clouds. QUARANTINING INFECTED ENDPOINT Integration between the Attivo ThreatDefend platform and Cisco ASA is simple to set up and can be completed in minutes, like the Cisco ISE configuration. The process begins with the ThreatDefend Platform identifying a threat that has bypassed traditional prevention systems and has started to infect machines on the network. Once the threat engages with the deception decoys, the attack can be safely played out and analyzed in a quarantined environment. Detailed attack forensics including signatures and attack patterns can be relayed from the Attivo ThreatDefend platform to the Cisco ASA device which allows organizations to automate blocking to prevent exfiltration of their valuable data. 6

THREATDEFEND PLATFORM INTEGRATION WITH CISCO PXGRID The Cisco Platform Exchange Grid (pxgrid) fosters communication with multiple security products to share data and work together. This open, scalable, and IETF standards-driven platform helps automate security to get answers and contain threats faster. Using one API for open, automated data sharing and control, pxgrid can help an entire ecosystem of dissimilar, IETF standards-track technologies work together through a single interface, allowing for rapid visibility and threat containment via Cisco ISE. PXGRID INTEGRATIONS Cisco pxgrid provides a common transport language between the various network and security systems in the IT environment. Eliminating the need for each system to rely on single-purpose APIs, they can all be seamlessly integrated with pxgrid to share contextual information with each other. Intersystem communications can then occur automatically and immediately with no manual intervention required. Cisco pxgrid enables multivendor, cross-platform network system collaboration among multiple parts of the IT infrastructure. This enables IT and security vendors to use pxgrid to share context with other Cisco platforms that use pxgrid, as well as with systems from any other pxgrid ecosystem partner. Organizations benefit from the value of the Attivo ThreatDefend platform integration with Cisco pxgrid via the sharing of IOCs with other partner solutions and initiating Cisco ISE quarantines. 7

THREATDEFEND PLATFORM FEATURES FOR CISCO DECEPTION The ThreatDefend platform offers several features to enhance deception functionality with Cisco products. The BOTsink deception server can project Cisco IOS decoys for router and switch deception. Using the IOS decoys allows organizations to plant deceptive router decoys in the network to mislead attackers. When the attacker engages with the router decoys, it captures all the commands entered into the command line interface, giving valuable intelligence about the attacker s tactics, techniques, and procedures. The ThreatStrike endpoint deception suite includes credentials, mapped shares, and ransomware bait. The deceptive credentials are username and password combinations that are stored on endpoints. They are specifically designed to be indistinguishable from production credentials and lead attackers to the decoys on the network. When an attacker compromises the endpoint and steals the credentials, they will follow them to the decoys and engage. Since the BOTsink solution can project Cisco IOS decoys, the ThreatStrike credentials can be made to look like router credentials and stored where attackers can steal them. REMOTE DEPLOYMENT WITH CISCO The ThreatDirect solution is a VM forwarder mechanism for scaling to remote or branch offices, micro-segmented networks, and cloud environments. Cisco ISR 4000 series & ASR 1000 series routers support running the ThreatDirect solution within the built-in hypervisor. This allows for scaling deception to remote sites with the existing infrastructure already in place, giving deception coverage across the entire enterprise. 8

SUMMARY The Attivo ThreatDefend Platform plays a critical role in empowering an active defense with in-network threat detection and native integrations to dramatically accelerate incident response. Together, Attivo Networks and Cisco provide joint customers significant improvement in their active defense strategy. Information sharing and the automation of incident response, for blocking and quarantining an active attack, can dramatically reduce the risk and impact of a potential breach. Attivo Networks deception technology allows for the real-time detection and identification of reconnaissance activities and early lateral movement infections that are often the first step in a sophisticated breach strategy. Configuring BOTsink engagement servers to integrate with the Cisco pxgrid, ISE, and ASA delivers an effective and efficient solution for early threat detection, prompt incident response, and the derailing of cyberattacks. The added features that enhance Cisco-based deception further aid in authenticity and comprehensive deception coverage. Together, Attivo Networks and Cisco Systems can increase network defenses in an operationally efficient manner. ABOUT ATTIVO NETWORKS Attivo Networks provides real-time detection and analysis of inside-the-network threats. The Attivo ThreatDefend Deception and Response Platform detects stolen credentials, ransomware, and targeted attacks within user networks, data centers, clouds, SCADA, and IoT environments by deceiving an attacker into revealing themselves. Comprehensive attack analysis and actionable alerts empower accelerated incident response. www.attivonetworks.com ABOUT CISCO SYSTEMS Cisco is the worldwide leader in IT that helps companies seize the opportunities of tomorrow by proving that amazing things can happen when you connect the previously unconnected. www.cisco.com 2018 Attivo Networks. All rights reserved. Attivo Networks, ThreatDefend, and ThreatPath are registered trademarks of Attivo Networks, Inc. 060118 www.attivonetworks.com Follow us on Twitter @attivonetworks

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback