Attivo Networks closes serverless and container security gaps through deception

Attivo Networks announced that the company has further enhanced its portfolio with deception techniques designed to detect and derail attacks targeting serverless applications in cloud and data center environments.

Designed for the dynamic nature of cloud environments and shared security models, organizations can now add a defense across traditional data centers and within public cloud platforms such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).

Serverless and container architectures are growing in popularity based on their ability to scale and improve utilization of server resources. However, as with many new technologies, these architectures have advanced ahead of traditional security controls, leaving gaps for attackers to exploit.

These ThreatDefend platform enhancements break new ground in threat detection by covering all attack surfaces and reducing cloud security risks resulting from gaps left by legacy enterprise tools.

ThreatDefend delivers a scalable deception-based defense for the detection of credential theft attempts, in-network lateral movement, and attacks targeting servers and databases.

“Detecting cloud-based, in-network threats and the lateral movement of attackers has been challenging for legacy security controls,” said Tushar Kothari, CEO of Attivo Networks.

“By working closely with our customers, Attivo has developed new functionality within our deception offerings that accurately closes detection gaps and reduces risks, further empowering organizations to leverage the maximum benefits of the public cloud environment. We have achieved this without limiting their ability to detect and respond quickly to threats.”

This new functionality builds upon the company’s ThreatDefend deception portfolio, which provides network, endpoint, application, and data deceptions for servers, cloud, user networks, and specialized environments such as IoT, SCADA, POS, network, and telecommunications.

Unlike other detection methods that rely on signatures, behavioral analysis, or database look-ups, Attivo Networks deception technology provides a defense based on decoy traps and lures. The solution deceives and misdirects an attacker into revealing their presence.

Additionally, since the platform is built with data center scalability in mind, it can operate without reliance on physical and virtual machine architectures.

The new enhancements expand deception decoys and lures for containers, serverless, and cloud shared security models, which will provide scalable detection of attacker lateral movement, credential harvesting, and a means to verify security controls.

Platform enrichments also includes support for Lambda functions and CloudWatch/SIEM monitoring for finding attempted use of deception credentials.

The solution works by creating decoys that appear as production containers and by creating deceptive credentials, which can be embedded in container data sources. The solution will entice in-network attackers with authentic looking credentials, decoys, applications, and database deceptions designed to attract adversaries into engaging.

Any engagement with the deception environment will result in an alert being raised and the collection of threat intelligence; it will also pick up policy violations from both the organization and its providers.

Through the deception environment’s collection of attack forensics, organizations will gain insight into attacker intent and threat intelligence required for blocking attacks, threat hunting, and returning adversary mitigation.

This announcement represents one more step taken by Attivo Networks in providing the flexibility in choice when migrating to container or serverless cloud computing; without concern of security threat detection limitations.