Attivo Networks Case Study For A Healthcare Solution
This healthcare company’s experience with attacks from inside their network continued to plague the CIO until they installed their BOTsink Solutions. The company believes that their BOTsink Solution has effectively become their last line of security defense to catch threats that penetrate or slip in the back door of their network.
Attivo’s Honeynet technology traps the attacker before any damage can be done to their network
Attacks can easily be trapped in a sinkhole for forensic study
Security software can be configured to block the threat as revealed once it engages with their BOTsink Solution
Provides an additional layer of security that easily scales within large complex networks
The company has deployed the full suite of Attivo BOTsink solutions:
BOTsink 2500: appliance and virtual appliance form factors for support of up to 16 and 25 VLANs respectively
BOTsink 5000: appliance and virtual appliance form factors for support of up to 100 and 125 VLANs respectively
Information Relay Entrapment System (IRES) Endpoint Coverage: when an endpoint is compromised, the attacker is given IP addresses and login credentials that lead them directly to the BOTsink solution
By deploying the complete BOTsink Solution suite, the company is able to discover the attack at the earliest stage, denying the attacker the time needed to mount a successful data exfiltration.
When the company installed the Attivo BOTsink Solution, the key benefits they found included:
Most effective way to screen East-West data center traffic with minimal disruption to their data center operations: not installed in-line; no processor-intense calculation for packet inspection or data analysis on the wire
Eliminates false positives, as it engages hacker attacks on the internal network to derive alerts and forensics
Improves effectiveness of the security staff as they can focus on real threats instead of chasing false positives
IRES proven to be very effective with targeted attacks on BYOD devices that steal credentials to access the corporate. Using the IRES technology, the company drives the hacker into going after the BOTsink solution where its presence is immediately detected and mitigated.
The Role of the Attivo BOTsink™ Solution
The Attivo BOTsink Solution can be used to validate the effectiveness of security defenses and accelerate the identification of BOTs and advanced persistent threats (APTs) inside your network. The Attivo BOTsink solution is a purpose-built, set-and-forget breach detection solution that complements your FireEye and Palo Alto Networks deployments by ensuring you have the visibility and defense capabilities you need to engage attackers as soon as they start to engage on your network looking for your high value assets and shut them down.
By using the Attivo BOTsink and IRES Solutions, any BOT or APT that uses scanning or targeted attacks will be caught. As a result, BOTsink can catch the source of the infection early in its lifecycle to prevent its propagation and capture full forensic information that can help minimize remediation efforts.
The Attivo BOTsink Solution can detect and engage both BOTs and APTs that begin their attack with reconnaissance or scanning to identify potential targets; and intelligent BOTs and APTs that initiate their attacks from hijacked endpoints and target specific resources, without the need for reconnaissance or scanning. Regardless of their methods, the BOTsink Solution will be able to identify an attacker as soon as they become active to reduce detection times, uncover infected systems on the network and prevent whatever comes in from ever getting out. Once engaged, the BOTsink Solution stops the attack from communicating and propagating; as soon as the attack runs its course and is catalogued, the environment is reset to completely destroy the BOT and APT.
Attivo’s Unique HoneyNet Solution
The Attivo BOTsink Solution is ideal for defending against BOTs and APTs brought into your network via a host of BYOD devices. With an Attivo BOTsink interleaved throughout your network, you will be able to:
Reduce Attack Detection Time—providing accurate, actionable alerts that quickly and accurately identify infected clients, including sleeper and time-triggered agents, to enable remediation of the full extent of the attack before it can do any damage
Capture Actionable Information—identifies the infected client and prevents any ongoing communications outside the appliance to stop the attack’s propagation
Destroy the APTs and BOTs—prevents whatever comes in from ever getting out—stops the attack and destroys the BOT and APT once data is collected
Guards your network 24x7x365—self-contained solution constantly monitors activity and rebuilds itself to ensure optimal performance.