Partner Perspectives: Attivo + Carbon Black Integration Delivers Advanced, Continuous Threat Management and Response


Joseph Salazar is the Technical Deception Officer for Attivo Networks.

Cyber attackers have repeatedly proven that they can gain access to the networks of even the most security-savvy organizations. Whether the attacker gets in with stolen credentials, a zero-day exploit or a ransomware infection, or starts out as an insider, they will establish a foothold and move laterally through the network until they complete their mission.

Once attackers bypass existing security prevention mechanisms, they can remain undetected and easily move around the network. To quickly detect and shut down these attacks, a new approach is needed.

These approaches focus on threats that are already inside the network and do not depend on the usual detection measures, such as matching known signatures or attack patterns. Instead they use deception: decoy systems and planted credentials that a legitimate user has no reason to touch, so any interaction with them reveals the attacker. The forensics captured when an attacker engages a decoy (source address, access method, commands run) can then be used to promptly block the attacker from continuing or completing their mission.

What is Attivo Networks?

Attivo Networks® provides real-time detection and analysis of inside-the-network threats. The Attivo ThreatDefend Deception and Response Platform deceives attackers into revealing themselves so that stolen credentials, ransomware, and targeted attacks within user networks, data centers, clouds, SCADA, and IoT environments can be detected. Comprehensive attack analyses and actionable alerts empower accelerated incident response.

Here’s How the Attivo Networks and Carbon Black Integration Works

Attivo Networks integrates with Cb Response (EDR) to provide advanced, real-time, in-network threat detection, and to improve automated incident responses that block and quarantine infected endpoints.

Using this joint solution, customers can review alerts and choose to make manual updates, or alternatively, to create policies that automatically block endpoints based on suspicious activity. Customers can reduce the time and resources required to detect threats, analyze attacks, and to remediate infected endpoints, ultimately reducing the organization’s risk of breaches and data loss.

Attivo + Cb Response (EDR) Use Case

In the case of a financial institution, Carbon Black and Attivo Networks collaborated to defend against potential insider threats. The organization deployed Attivo deception and configured Cb Response to respond quickly should an insider engage with a decoy. As part of their deployment, decoys were projected into their data centers as fake database and file servers.

A few weeks later, an alert was sent to the SOC from a decoy server reporting a login completed using administrative credentials. The deception solution identified the attacking IP, the method of access, and all the activities on the decoy. The Incident Response (IR) team quickly isolated the attacking IP using Cb Response. The Carbon Black investigation revealed a remote access trojan had infected the database administrator’s laptop and stolen his credentials.

Because of the quick detection and isolation, the IR team was able to contain the intrusion before any data was lost and, as part of their investigation, used the details provided by the alert to identify other systems the attacker had accessed.
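The integration described above and the use case that follows both come down to the same piece of glue: a decoy alert arrives, the responder decides whether it justifies isolating the source endpoint, and Cb Response is told to do so. The script below is an added example of that glue and is not code from Attivo Networks, Carbon Black or the original post. It assumes a constructed alert schema (decoy, src_ip, event, username, auth_success), uses an in-memory stand-in for the Cb Response REST API so it runs offline, and encodes the policy choices a practitioner would want that the article only implies: auto-isolate only on a completed authentication to a decoy, never auto-isolate hosts on shared NAT or jump-host ranges, and escalate instead of guessing when an IP maps to more than one sensor.

```python
import ipaddress

# Source networks whose hosts are never isolated automatically: a NAT gateway
# or a shared jump host would take many users offline for one attacker.
# Constructed list for this example; replace with your own.
NO_AUTO_ISOLATE = [ipaddress.ip_network("10.0.250.0/24")]


def should_isolate(alert: dict) -> bool:
    """Policy: only a completed authentication against a decoy earns automatic
    isolation. Scans and failed logins still alert but go to an analyst first."""
    if alert.get("auth_success") is not True:
        return False
    src = ipaddress.ip_address(alert["src_ip"])
    return not any(src in net for net in NO_AUTO_ISOLATE)


class FakeCbResponse:
    """In-memory stand-in for the Cb Response REST API so the example runs offline.
    A real client would authenticate with the X-Auth-Token header and, as I recall
    the API (an assumption; check your server's documentation), look up sensors
    with GET /api/v1/sensor?ip=<ip> and isolate one with PUT /api/v1/sensor/<id>
    carrying "network_isolation_enabled": true."""

    def __init__(self, sensors):
        self.sensors = {s["id"]: dict(s) for s in sensors}
        self.isolated = []

    def find_sensors_by_ip(self, ip):
        return [s for s in self.sensors.values() if s["ip"] == ip]

    def isolate(self, sensor_id):
        self.sensors[sensor_id]["network_isolation_enabled"] = True
        self.isolated.append(sensor_id)


def handle_alert(alert: dict, cb) -> dict:
    """Decide on and act on one decoy alert. Returns a record of what was done,
    carrying the evidence the decoy captured (source IP, access method, account)
    so the SOC ticket has it regardless of the action taken."""
    record = {"decoy": alert["decoy"], "src_ip": alert["src_ip"],
              "username": alert.get("username"), "event": alert.get("event")}
    if not should_isolate(alert):
        return {**record, "action": "alert_only"}
    matches = cb.find_sensors_by_ip(alert["src_ip"])
    if not matches:
        # No Cb sensor at that IP: an unmanaged device or a spoofed source.
        # Nothing for the EDR to isolate; block at the network layer instead.
        return {**record, "action": "no_sensor"}
    if len(matches) > 1:
        # DHCP reuse or stale sensor records: isolating every match is guesswork.
        return {**record, "action": "escalate",
                "sensor_ids": [s["id"] for s in matches]}
    sensor = matches[0]
    if sensor.get("network_isolation_enabled"):
        return {**record, "action": "already_isolated", "sensor_id": sensor["id"]}
    cb.isolate(sensor["id"])
    return {**record, "action": "isolated", "sensor_id": sensor["id"],
            "hostname": sensor["hostname"]}


# Constructed sample data modelled on the article's use case: a DBA laptop
# authenticating to a decoy database server with an administrative account.
SAMPLE_SENSORS = [
    {"id": 42, "hostname": "DBA-LAPTOP-01", "ip": "10.0.20.17", "network_isolation_enabled": False},
    {"id": 43, "hostname": "OLD-VDI-07", "ip": "10.0.20.99", "network_isolation_enabled": False},
    {"id": 44, "hostname": "NEW-VDI-07", "ip": "10.0.20.99", "network_isolation_enabled": False},
]
SAMPLE_ALERTS = [
    {"decoy": "decoy-db-01", "src_ip": "10.0.20.17", "event": "ssh_login",
     "username": "dba_admin", "auth_success": True},
    {"decoy": "decoy-fs-02", "src_ip": "10.0.20.17", "event": "smb_probe",
     "auth_success": False},
    {"decoy": "decoy-db-01", "src_ip": "10.0.20.99", "event": "ssh_login",
     "username": "dba_admin", "auth_success": True},
    {"decoy": "decoy-db-01", "src_ip": "10.0.250.4", "event": "ssh_login",
     "username": "dba_admin", "auth_success": True},
]


def run_sample():
    """Feed the constructed alerts through the policy against a fresh fake EDR."""
    cb = FakeCbResponse(SAMPLE_SENSORS)
    return [handle_alert(a, cb) for a in SAMPLE_ALERTS]


if __name__ == "__main__":
    for result in run_sample():
        print(result)
```

The point of routing everything through `handle_alert` is that the decision is made once, in code you can review, rather than in an ad hoc console click: a completed login to a decoy from a managed laptop is isolated immediately, a probe is left for an analyst, and an ambiguous IP-to-sensor mapping is escalated rather than guessed. Whether to isolate on the first successful decoy login at all is a policy choice; in the article's case it was the right one, because the "attacking" host was the DBA's own RAT-infected laptop.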

How Can I Use This in My Organization?

Carbon Black customers can sign up for a demo of the Attivo Networks ThreatDefend™ platform today.

The post Partner Perspectives: Attivo + Carbon Black Integration Delivers Advanced, Continuous Threat Management and Response appeared first on Carbon Black.

About Carbon Black, Inc.
Carbon Black is the leading provider of next-generation endpoint security. Carbon Black’s Next-Generation Antivirus (NGAV) solution, Cb Defense, leverages breakthrough prevention technology, “Streaming Prevention,” to instantly see and stop cyberattacks before they execute. Cb Defense uniquely combines breakthrough prevention with market-leading detection and response into a single, lightweight agent delivered through the cloud. With more than 7 million endpoints under management, Carbon Black has more than 2,500 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.
