Validating deception’s ability to serve as a reliable security control for closing in-network detection gaps, Attivo Networks has released results of a penetration test conducted by a top computer forensics company that specialises in penetration testing and has also announced the ThreatInject simulation tool for testing deception resiliency. By creating an authentic synthetic network based on deception, organisations change the asymmetry on attackers by placing high-interaction traps and lures that efficiently reveal an attacker’s presence.
Attivo Networks®, a leader in ‘deception’ for cyber security threat detection, has announced industry validations that Attivo Networks deception effectively fools attackers.
Validating deception’s ability to serve as a reliable security control for closing in-network detection gaps, the company has released results of a penetration test conducted by a top computer forensics company that specialises in penetration testing.
By creating an authentic synthetic network based on deception, organisations change the asymmetry on attackers by placing high-interaction traps and lures that efficiently reveal an attacker’s presence.
Pen testing is used for compliance and to test the resiliency of an organisation’s security controls. A mission is often defined by a Red Team’s ability to capture an embedded flag without being detected. Blue Teams, the ‘defenders’, are using deception to obfuscate the attack surface and trick the Red Team, much like an attacker, into making a mistake and revealing their presence.
In this test scenario, an advanced pen tester gathered information and attempted to execute their attack over the period of a week in order to capture the flag. Immediately upon activating their attack, Attivo was alerted to the tester’s presence and captured and recorded all of his actions. This test scenario validated the authenticity of deception and the accuracy to provide early detection of a threat, and proved that even expert pen testers can be fooled by deception.
To validate the resiliency of deception and stolen credential detection, Attivo Networks has released its ThreatInject simulation tool. Credential theft attacks are inherently difficult to detect because perimeter and anti-virus solutions are not designed to detect attacks based on credential use or lateral movement. Credential-based attacks start with attackers extracting user credentials from various places like credential manager and registry and memory using tools like Mimikatz and utilising them to move laterally or compromise remote systems.
Once an attacker steals credentials, they will either assume they are all real, as they are unable to validate them, or they will try to verify them against Active Directory. Deploying deception on the endpoints changes the credential landscape by adding deceptive credentials and deceptive hosts that appear valid and authentic.
The ThreatInject simulator provides the ability to discover managed and unmanaged credentials, and test their authenticity along with the computers that these credentials point to. The simulator will demonstrate an attack launch using the selected credentials, query Active Directory to calculate authenticity and understand credential access, and to simulate attacker behaviour.
Similar to a pen test, the ThreatInject simulator empowers an organisation with a window into what an attacker would see for credentials and computer hosts, verifies that an attacker is unable to determine fake credentials and demonstrates that their deception environment is working accurately and reliably.
Attivo Networks took the public challenge at last year’s ISSA International Conference where Attivo Networks sponsored the Capture the Flag event that challenges participants to hack into a network and steal information from certain assets or ‘flags’ without getting caught.
For this event, Attivo Networks publicly announced that it had deployed deception across the entire network to deceive and detect attackers as they try to move laterally in the network looking for the flags. By adding deception, the game was more challenging, and also answered the question: Is deception technology authentic enough to fool skilled attackers?
Collectively, this pen test validation, the ThreatInject simulation tool and taking the CTF challenge all provide substantial validation to the resiliency of deception and its ability to fool and misdirect attackers, putting offensive control back into the hands of the organisation and away from the attacker.