Attivo Networks announced that its ThreatMatrix Deception and Response Platform has been enhanced to give organizations visibility into, and an assessment of, vulnerable attack paths.
It provides insight into how an attacker would target misconfigured systems or misused credentials, and then automates the response actions that isolate these systems to keep them from causing additional infection, exfiltrating data or harming critical infrastructure.
The software's deception technology has also been enhanced to misdirect and detect attackers seeking to begin their attack by targeting Microsoft Active Directory, a favored target for those seeking credentials for attack escalation. The new release also expands the ThreatMatrix Platform to support routed networks, for micro-segmented datacenters and for enterprises networked across multiple locations and branch offices.
The platform provides real-time threat detection and attack forensic analysis for accelerated incident response and remediation. The platform is designed to provide early detection of cyberattacks from all threat vectors including zero-day, stolen credential, ransomware and phishing attacks that are renowned for bypassing traditional prevention systems.
The platform provides an attack path vulnerability assessment based on the likely paths an attacker would have traversed through misconfigured systems or credential misuse. Visual illustrations of attacker paths, based on penetration techniques, provide insight into risks, and clickable drill-downs provide the details of weaknesses and the IP addresses of systems that need to be isolated and/or fixed.
Active Directory deception and detection
Organizations running the Microsoft Windows Server platform are susceptible to attacks in which attackers exploit and gain unauthorized access to Active Directory. Attivo ThreatMatrix BOTsink integrates deception into the organization’s Active Directory infrastructure to deceive and identify attackers seeking to escalate privileges.
Routed network support
ThreatMatrix BOTsink engagement servers can now engage with deceptive IP addresses and networks on routers over Layer 3 GRE tunnels, which is ideal for micro-segmented datacenters, enterprises networked across multiple locations and branch offices. The solution will also support sending Darknet IP traffic to the deception servers, which will dynamically engage attackers and deceive them into revealing themselves.