SOURCE: Attivo Networks

Attivo Networks

December 14, 2015 09:00 ET

Attivo Networks® Deception Integrates With McAfee® Network Security Platform to Improve the Detection and Prevention of Intrusions

Attivo Certifies as an Intel Security Innovation Alliance Technology Partner

FREMONT, CA--(Marketwired - Dec 14, 2015) - Attivo Networks®, an innovator in deception technology for cyber security defense, today announced that its deception-based Attivo BOTsink® solution is now available as an integrated solution with McAfee® Network Security Platform (NSP). The BOTsink solution will add insight into McAfee Network Security Platform providing additional and detailed forensic information on attacker methods and malicious domains. It also provides Snort signatures based on Botnet methods and behavior that can be used to block infected systems from exfiltrating valuable company data or other malicious activities. Attivo also announced that it has joined the Intel® Security Innovation Alliance™ partner program. Under the Innovation Alliance program, Attivo and Intel Security will work together to drive continuous improvement and integrations to simplify an organization's ability to quickly detect, block, quarantine, and remediate against cyber threats.

The Attivo deception platform provides an additional line of cyber defense by detecting inside-the-network threats. Once an attacker is engaged, the events are fed into the Attivo multidimensional correlation engine to generate an attack sequence. As part of this process, the Attivo BOTsink will let the attack continue and talk to the Command and Control (C&C) server through its sinkhole so the attack sequence can be played out and an attacker's methods understood. As the forensic data is collected, the information can be added to McAfee Network Security Platform so that the infection can be isolated and corrective actions taken. This process can be applied to gain an additional understanding of zero-day attacks, HTTPs, and the increasingly challenging issue of phishing.

Phishing has become a favorite method to exploit unsuspecting employees. Social networking had made it easy for attackers to send targeted mail to victims with high rates of engagement success. A benefit of the Intel Security and Attivo integration is the ability to redirect employee C&C communications to the BOTsink solution where access of URL's in a phishing email or malware downloads can be simulated in a controlled sandbox environment. This will enable organizations to determine if the email is malicious and to gain a better understanding of the phisher's intent.

"The Attivo technology brings complementary functionality to McAfee Network Security Platform by providing access to forensic evidence helpful in isolating and responding to a cyber-attack," said D.J. Long, Head of the Intel Security Innovation Alliance. "With the Attivo BOTsink deception platform, our joint customers have access to additional forensic data and reporting that can help them determine an attacker's objectives more quickly and to respond to the attack as needed."

"Integrating with the McAfee Network Security Platforms was a logical extension to the Attivo BOTsink solution, "said Venu Vissamsetty, Vice President of Security Research at Attivo Networks. "The BOTsink multi-correlation engine is designed to analyze and create detailed forensics on cyber attacks. Driven by interest from joint customers, Attivo and Intel Security completed the integration enabling the BOTsink technology and McAfee NSP platform to work seamlessly together to better understand the attackers' intent, provide forensics, send substantiated alerts, and respond to current attacks."

Resources:

Attivo Networks BOTsink and McAfee NSP Integration Solution Brief

About Attivo Networks
Attivo Networks® is the leader in dynamic deception technology, which in real-time detects intrusions inside the network, data center, and cloud before the data is breached. Leveraging high-interaction deception techniques, the Attivo BOTsink® Solution lures BOTs and APTs to reveal themselves, without generating false positives. Designed for efficiency, there are no dependencies on signatures, database lookup or heavy computation to detect and defend against cyber threats. Attivo solutions capture full forensics and provide the threat intelligence to shut down current and protect against future attacks. www.attivonetworks.com

Follow Attivo Networks: Twitter and Linked In

Attivo Networks and BOTsink are registered trademarks of Attivo Networks in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

Intel the Intel logo, McAfee and the McAfee logo are trademarks of Intel Corporation in the U.S. and/or other countries.

No computer system can be absolutely secure.