ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS

Similar documents
ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK

SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE

WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX

WHITEPAPER ATTIVO NETWORKS DECEPTION TECHNOLOGY FOR MERGERS AND ACQUISITIONS

Checklist for Evaluating Deception Platforms

WHITEPAPER DECEPTION TO ENHANCE ENDPOINT DETECTION AND RESPONSE

WHITEPAPER DECEPTION FOR A SWIFT DEFENSE

Integrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

The Art and Science of Deception Empowering Response Actions and Threat Intelligence

Building Resilience in a Digital Enterprise

ARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE

Cognito Detect is the most powerful way to find and stop cyberattackers in real time

SIEM Solutions from McAfee

Defend Against the Unknown

RSA NetWitness Suite Respond in Minutes, Not Months

Sandboxing and the SOC

OUTSMART ADVANCED CYBER ATTACKS WITH AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER

with Advanced Protection

Introduction to Threat Deception for Modern Cyber Warfare

CloudSOC and Security.cloud for Microsoft Office 365

The Cognito automated threat detection and response platform

THE ACCENTURE CYBER DEFENSE SOLUTION

SOLUTION BRIEF RSA NETWITNESS NETWORK VISIBILITY-DRIVEN THREAT DEFENSE

Introducing MVISION. Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls. Jon Parkes.

Prescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC

McAfee Endpoint Threat Defense and Response Family

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

McAfee Advanced Threat Defense

Vectra Cognito. Brochure HIGHLIGHTS. Security analyst in software

ForeScout ControlFabric TM Architecture

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

Reducing the Cost of Incident Response

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

RSA INCIDENT RESPONSE SERVICES

esendpoint Next-gen endpoint threat detection and response

Securing the Software-Defined Data Center

Outwit Cyber Criminals with Comprehensive Malware and Exploit Protection.

McAfee epolicy Orchestrator

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Sustainable Security Operations

Managed Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts

RSA INCIDENT RESPONSE SERVICES

McAfee Complete Endpoint Threat Protection Advanced threat protection for sophisticated attacks

McAfee Public Cloud Server Security Suite

Automated Response in Cyber Security SOC with Actionable Threat Intelligence

WHITEPAPER ENDPOINT DETECTION AND RESPONSE BEYOND ANTIVIRUS PROACTIVE THREAT HUNTING AT THE ENDPOINT

SIEM: Five Requirements that Solve the Bigger Business Issues

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Threat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

AKAMAI CLOUD SECURITY SOLUTIONS

Securing Your Microsoft Azure Virtual Networks

MCAFEE INTEGRATED THREAT DEFENSE SOLUTION

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Bromium: Virtualization-Based Security

Security Monitoring. Managed Vulnerability Services. Managed Endpoint Protection. Platform. Platform Managed Endpoint Detection and Response

Security by Default: Enabling Transformation Through Cyber Resilience

THE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson

Seceon s Open Threat Management software

How Vectra Cognito enables the implementation of an adaptive security architecture

Compare Security Analytics Solutions

CyberArk Privileged Threat Analytics

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

ForeScout Extended Module for Carbon Black

Endpoint Security for the Enterprise. Multilayered Defense for the Cloud Generation FAMILY BROCHURE

MITIGATE CYBER ATTACK RISK

Reserve Bank of India Cyber Security Framework

McAfee Virtual Network Security Platform

Security and Compliance for Office 365

NEXT GENERATION SECURITY OPERATIONS CENTER

Integrated, Intelligence driven Cyber Threat Hunting

CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Cylance Axiom Alliances Program

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?

Global Manufacturer MAUSER Realizes Dream of Interconnected, Adaptive Security a Reality

Sobering statistics. The frequency and sophistication of cybersecurity attacks are getting worse.

WHITEPAPER. Enterprise Cyber Risk Management Protecting IT Assets that Matter

McAfee Endpoint Security

Traditional Security Solutions Have Reached Their Limit

CYBER ANALYTICS. Architecture Overview. Technical Brief. May 2016 novetta.com 2016, Novetta

SOLUTION BRIEF RSA NETWITNESS PLATFORM ACCELERATED THREAT DETECTION & AUTOMATED RESPONSE FROM THE ENDPOINT TO THE CLOUD

Deception: Deceiving the Attackers Step by Step

May the (IBM) X-Force Be With You

Securing Your Amazon Web Services Virtual Networks

Streaming Prevention in Cb Defense. Stop malware and non-malware attacks that bypass machine-learning AV and traditional AV

Infoblox as Part of the Ecosystem

Trend Micro and IBM Security QRadar SIEM

RSA Security Analytics

SIEMLESS THREAT DETECTION FOR AWS

CROWDSTRIKE FALCON FOR THE PUBLIC SECTOR

Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Microsoft Advance Threat Analytics (ATA) at LLNL NLIT Summit 2018

Symantec Ransomware Protection

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

Transcription:

PARTNER BRIEF ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS INTRODUCTION Attivo Networks has partnered with McAfee to detect real-time in-network threats and to automate incident response by enabling the automated quarantine of infected endpoints, redirection of potentially malicious traffic, and threat intelligence sharing with other McAfee partners. The Attivo Networks ThreatDefend platform s native integrations with McAfee epolicy Orchestrator (epo), Enterprise Security Manager (ESM) SIEM, and Network Security Platform (NSP) allow for an accelerated incident response. The integration in the Data Exchange Layer communication fabric provides a robust and efficient way to share rich forensic information across multiple solutions. Leveraging these integrations, customers can review alerts and the accompanying attack forensics, assign endpoint policies to automatically block and isolate systems deemed compromised, identify and alert on credential theft and reuse, redirect malicious traffic, and share threat intelligence. Security operations teams can gain time and reduce the resources required for detecting threats, reporting and analysis of attacks, and managing incidents. These integrations improve visibility into in-network threats, enhance policy compliance, and provide additional controls for an active defense. 1

THE CHALLENGE The increasing number of advanced threats and damages because of threat actors inside the network has led many organizations to change their overall security posture. The sophistication and high-impact nature of these attacks have compelled security professionals to take a new approach to security, one that provides a balance of prevention and detection security tools and platforms each designed to play an essential role in safeguarding their business. As a result, companies are overwhelmed with information and logs that are not readily shared or leveraged between tools, creating silos of information and operational challenges. Manual efforts to collect data from each tool creates complexity and adds to the overall effort and cost of operations. Moving from one tool to another to correlate information for a comprehensive view and collective response to cyber threats can be time-consuming and too often leaves threats unaddressed. Organizations need a new approach, one without false positives but with high-fidelity alerts that allow efficient and timely responses to cyber threats while also leveraging native integrations to share information and initiate response actions automatically. DECEPTION FOR IN-NETWORK THREAT DETECTION Organizations are actively turning to deception technology as the preferred security control for early and accurate detection of in-network threats. Some are first-time deception technology adopters, drawn to the accuracy and efficiency of the solution, while others are migrating off homegrown honeypot technology for additional accuracy and operational efficiency. Deception technology works by turning the network into a web of sensors with a maze of misdirection that tricks an attacker into engaging and revealing their presence. In a deception network, the attacker need make only one small engagement mistake to reveal their presence. By being present at the network and endpoint layers, deception technology blankets the network with lures and traps designed to attract and engage an attacker during reconnaissance, lateral movement, while harvesting credentials or when seeking to compromise Active Directory. Deception also addresses alert and log fatigue by only generating an engagement-based alert substantiated with threat and adversary intelligence. Advanced Distributed deception platforms will also save time and energy by providing automated analysis of each attack, capturing the attacker s valuable Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs); and by providing actionable intelligence of the attack for improved incident response and to better fortify the network. 2

THE JOINT SOLUTIONS The ThreatDefend platform is comprised of the Attivo Networks BOTsink deception servers, ThreatStrike endpoint deception suite, ThreatPath for attack path visibility, ThreatOps for repeatable response playbooks, DecoyDocs for data loss tracking, ThreatDirect for deployment flexibility in micro-segmented, remote, or branch environments, and the Attivo Central Manager (ACM) for enterprise deception and threat intelligence management. Together, these solutions create a comprehensive early detection and continuous threat management defense against information security threats. The BOTsink solution and the ThreatStrike suite are the main integrations with McAfee solutions. The Attivo Networks BOTsink deception solution improves security in enterprise networks as well as private and public data centers by identifying inside-the-network threats and infected devices in real-time. The Attivo BOTsink solution is based on a deception engagement server that lures attackers to engaging before they can find company production servers. The BOTsink solution uses dynamic application and server level deception techniques to attract and engage attackers so it can collect forensic information to understand the infected endpoint, attacker IP address, and the methods and tools that an attacker is using. Frictionless in its deployment and highly scalable, the BOTsink platform 3

easily scales to detect threats in the enterprise network and in private and public cloud environments. The BOTsink deception is also designed to detect both reconnaissance and targeted attacks. The ThreatStrike Suite includes deceptive credentials, lures, and mapped drives for ransomware attacks that bait and lead the attacker to the BOTsink solution engagement server. The engagement server captures the Indicators of Compromise (IOC) and full Techniques, Tactics, and Procedures (TTP) of the attack. Security teams can install the ThreatStrike Suite at endpoints within the BOTsink solution user interface or through integration with McAfee epo for easy, frictionless deployment. When an attacker attempts usage of these credentials, the BOTsink solution raises a high-fidelity alert, empowering the security operations team to take quick incident response actions. The integration of the ThreatDefend platform with the various McAfee solutions gives organizations real-time detection of cyberattacks and detailed forensics to proactively address and prioritize critical issues for prompt response, information sharing, and remediation. McAfee Enterprise Security Manager (ESM) is a security information and event management (SIEM) solution that delivers actionable intelligence and integrations to prioritize, investigate, and respond to threats. McAfee ESM provides continuous visibility into threats and risk, actionable analysis to guide triage and speed investigations, and orchestration of security remediation. Prioritized alerts surface potential threats before they occur while analyzing data for patterns that may indicate a more significant threat. McAfee s Network Security Platform (NSP) is a next-generation IPS, built for the accurate detection and prevention of intrusions, DoS, DDoS, malware download, and network misuse. Signature-less intrusion detection technology allows the IPS to identify malicious network traffic and stops never-before-seen attacks for which no signatures exist. The McAfee Data Exchange Layer (DXL) communication fabric connects and optimizes security actions across multiple vendor products, as well as internally developed and open source solutions. Enterprises gain secure, realtime access to new data and lightweight, instant interactions with other products. Rapid sharing of information and orchestration of tasks shrink the time to detect, contain, and remediate newly identified threats. Applications can now share the timely threat data they generate and work together to take immediate action. Messages can trigger automated responses from McAfee epolicy Orchestrator to update, clean, quarantine, and more. 4

THREATDEFEND PLATFORM INTEGRATION WITH MCAFEE EPO The ThreatDefend platform and McAfee epolicy Orchestrator are integrated to offer customers a collective defense solution that empowers detection of real-time threats, gathering of attack analysis, manual or automated blocking of attacks and quarantining of endpoints based on suspicious activity. The combined solution also offers a centralized portal that allows easy deployment of the ThreatStrike Suite at endpoints. Together, the solution enables continuous threat management through early detection, analysis, and remediation capabilities. A vital part of the ThreatDefend platform, the BOTsink solution includes distributed decoy systems based on real operating systems and services for the highest levels of authenticity and attractiveness to an attacker. The solution is dispersed across the network to lure the attacker into engaging with it. Once engaged, the attack continues to play out safely in the BOTsink solution, which in turn identifies the infected endpoints, the attacker IP address, and generates attack signatures it communicates to the epo platform. The BOTsink solution or the ThreatOps solution will then initiate endpoint policies enforcing the automated blocking and quarantining of the devices, thus preventing the attacker from completing their mission. The integration of the ThreatDefend platform with the epo platform allows customers to shorten response time with detailed insight provided by actionable dashboards with advanced queries and reports. Organizations receive an efficient solution for early detection of active attacks and prompt incident response handling of cyberattacks. THREATDEFEND PLATFORM INTEGRATION WITH MCAFEE ESM Attivo Networks and McAfee have collaborated to provide continuous threat management using dynamic deceptions for the real-time detection, analysis, event correlation and accelerated response to cyber incidents and ESM. The 5

BOTsink solution generates deception-based detection alerts it displays in its dashboard, but it can also send these alerts and events to McAfee ESM. Substantiated alerts and detailed attack forensics shared with McAfee ESM enhances visibility and helps prioritize critical events for prompt incident response. The configuration is merely a matter of specifying the syslog profile and pointing the specified output to McAfee ESM. Once configured, McAfee ESM becomes the single pane of glass for SOC analysts to manage events and alerts. They will have access to any alerts the BOTsink generates when an attacker engages with a decoy. They can then pull the engagement-based forensic evidence from the BOTsink servers for a thorough analysis of attacker activity. THREATDEFEND PLATFORM INTEGRATION WITH MCAFEE NSP Botnets are a complex and pervasive form of cyberattack that has been used by attackers, for over a decade, to compromise millions of endpoints to carry out cyberattacks. Botnets have been the weapon-of-choice for almost all the major finance-related cyberattacks in the recent years and their evolution in terms of packaging, delivery, strategy, and distribution continually creates challenges for security administrators worldwide. The Network Security Platform (NSP) employs multiple mechanisms to detect advanced botnets. One of the mechanisms is to inspect DNS traffic to blacklisted domains. McAfee s security lab regularly releases updated callback detector files, which contain IP addresses, domains, and URLs of malicious (blacklisted) C&C servers. Analysts can automatically or manually download callback detectors into the Network Security Platform. When McAfee NSP detects a blacklisted domain in the DNS traffic, it modifies the DNS packets such that the C&C traffic is sinkholed to the loopback address or a different server of your choice. The Attivo BOTsink deception server integrates with McAfee NSP, taking the DNS sinkhole concept to the next level, by capturing the full intent of the attack and by providing the forensics required to remediate infected devices. Together, McAfee NSP and Attivo BOTsink deception servers offer a unique method to analyze the TTPs of a targeted attack. This knowledge empowers organizations to quickly identify and remediate infected devices and prevent future cyberattacks. 6

Together, the McAfee Network Security Platform and Attivo BOTsink deception servers offer a unique method to analyze the tactics, techniques, and procedures of a targeted attack. This knowledge empowers organizations to quickly identify and remediate infected devices and defend against future cyberattacks. THREATDEFEND INTEGRATION WITH MCAFEE DXL The McAfee Data Exchange Layer application framework increases integration flexibility and simplicity. Unlike typical integrations, each application connects to the universal DXL communication fabric with just one integration process. Applications can attach and communicate over a universal orchestration layer. One app publishes a message or calls a service; one or more apps consume the message or respond to the service request. The Attivo ThreatDefend platform is a DXL partner and provides deception-based capabilities to other DXL-compliant solutions in the organization Because McAfee epo handles all DXL messages, the configuration is a matter of specifying the access certificate and private key information, the broker certificate and list information, and then confirming connectivity. Any DXL partner solution can then take advantage of the detections, forensic information, network visibility, and threat intelligence IOCs the ThreatDefend platform provides once configured, accelerating incident response and strengthening the overall security posture. 7

SUMMARY The partnership between Attivo Networks and McAfee provides organizations with an effective method of detecting and responding quickly to threats inside the network. The integration of the ThreatDefend solution with the various McAfee solutions allows customers to shorten response time with accurate detection and detailed insight provided by actionable threat intelligence. Organizations receive an efficient solution for early detection of active attacks and accelerate incident responses. ABOUT ATTIVO NETWORKS Attivo Networks is the leader in deception technology for real-time detection, analysis, and accelerated response to advanced, credential, insider, and ransomware cyberattacks. The Attivo ThreatDefend Deception and Response Platform accurately detects advanced in-network threats and provides scalable continuous threat management for user networks, data centers, cloud, IoT, ICS-SCADA, and POS environments. Attivo Camouflage dynamic deception techniques and decoys set high-interaction traps to efficiently lure attackers into revealing themselves. Advanced attack analysis and lateral movement tracking are auto-correlated for evidence-based alerts, forensic reporting, and automatic blocking and quarantine of attacks. For more information visit www.attivonetworks.com. ABOUT MCAFEE McAfee epo software is the industry-leading security and compliance management platform. McAfee solutions deliver the highest levels of threat visibility and antimalware protection, including comprehensive system and endpoint protection, network security, cloud security, database security, endpoint detection and response, and data protection. The complete security solutions extend beyond virus software and antimalware protection to server security, SIEM, and intrusion prevention systems (IPS). Backed by McAfee Global Threat Intelligence, the solutions help companies enhance visibility into their security postures, allowing businesses to embrace virtualization, cloud services, and mobile devices while protecting critical assets and sensitive data, and improving incident response. For more information visit www.mcafee.com. 2018 Attivo Networks. All rights reserved. www.attivonetworks.com 8 Attivo Networks, ThreatDefend, and ThreatPath are registered trademarks of Attivo Networks, Inc. 052018 Follow us on Twitter @attivonetworks

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback