=======================================================
Attivo Networks Case Study For A Healthcare Solution
This healthcare company’s experience with attacks from inside their network continued to plague the CIO until they installed their BOTsink Solutions. The company believes that their BOTsink Solution has effectively become their last line of security defense to catch threats that penetrate or slip in the back door of their network.
Attivo’s Honeynet technology traps the attacker before any damage can be done to their network
Attacks can easily be trapped in a sinkhole for forensic study
Security software can be configured to block the threat as revealed once it engages with their BOTsink Solution
Provides an additional layer of security that easily scales within large complex networks
Results
The company has deployed the full suite of Attivo BOTsink solutions:
BOTsink 2500: appliance and virtual appliance form factors for support of up to 16 and 25 VLANs respectively
BOTsink 5000: appliance and virtual appliance form factors for support of up to 100 and 125 VLANs respectively
Information Relay Entrapment System (IRES) Endpoint Coverage: when an endpoint is compromised, the attacker is given IP addresses and login credentials that lead them directly to the BOTsink solution
By deploying the complete BOTsink Solution suite, the company is able to discover the attack at the earliest stage, denying the attacker the time needed to mount a successful data exfiltration.
Customer Benefits
When the company installed the Attivo BOTsink Solution, the key benefits they found included:
Most effective way to screen East-West data center traffic with minimal disruption to their data center operations: not installed in-line; no processor-intense calculation for packet inspection or data analysis on the wire
Eliminates false positives as it engages hacker attacks on the internal network to derive alerts and forensics
Improves effectiveness of the security staff as they can focus on real threats instead of chasing false positives
IRES proven to be very effective with targeted attacks on BYOD devices that steal credentials to access the corporate network. Using the IRES technology, the company drives the hacker into going after the BOTsink solution where its presence is immediately detected and mitigated.
The Role of the Attivo BOTsink™ Solution
The Attivo BOTsink Solution can be used to validate the effectiveness of security defenses and accelerate the identification of BOTs and advanced persistent threats (APTs) inside your network. The Attivo BOTsink solution is a purpose-built, set-and-forget breach detection solution that complements your FireEye and Palo Alto Networks deployments by ensuring you have the visibility and defense capabilities you need to engage attackers as soon as they start to engage on your network looking for your high value assets and shut them down.
By using the Attivo BOTsink and IRES Solutions, any BOT or APT that uses scanning or targeted attacks will be caught. As a result, BOTsink can catch the source of the infection early in its lifecycle to prevent its propagation and capture full forensic information that can help minimize remediation efforts.
The Attivo BOTsink Solution can detect and engage both BOTs and APTs that begin their attack with reconnaissance or scanning to identify potential targets; and intelligent BOTs and APTs that initiate their attacks from hijacked endpoints and target specific resources, without the need for reconnaissance or scanning. Regardless of their methods, the BOTsink Solution will be able to identify an attacker as soon as they become active to reduce detection times, uncover infected systems on the network and prevent whatever comes in from ever getting out. Once engaged, the BOTsink Solution stops the attack from communicating and propagating; as soon as the attack runs its course and is catalogued, the environment is reset to completely destroy the BOT and APT.
Attivo’s Unique HoneyNet Solution
The Attivo BOTsink Solution is ideal for defending against BOTs and APTs brought into your network via a host of BYOD devices. With an Attivo BOTsink interleaved throughout your network, you will be able to:
Reduce Attack Detection Time: provides accurate, actionable alerts that quickly and accurately identify infected clients, including sleeper and time-triggered agents, to enable remediation of the full extent of the attack before it can do any damage
Capture Actionable Information: identifies the infected client and prevents any ongoing communications outside the appliance to stop the attack’s propagation
Destroy the APTs and BOTs: prevents whatever comes in from ever getting out; stops the attack and destroys the BOT and APT once data is collected
Guard your network 24x7x365: self-contained solution constantly monitors activity and rebuilds itself to ensure optimal performance.
**Important note** - contact our company for very powerful solutions: sinkholes for bots, IP management (IPv4 and IPv6), security, firewall and APT solutions:
www.tabularosa.net
In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premier book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". My new book, “You’re Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!” will be published soon, followed by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at:
www.amazon.com/author/paulbabicki
If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio. Additionally, I provide content for an online newsletter via paper.li. I have also established Netiquette discussion groups with Linkedin and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. Further, I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts, and have been a contributor to numerous blogs and publications.
Lastly, I am the founder and president of Tabula Rosa Systems, a company that provides “best of breed” products for network, security and system management and services. Tabula Rosa has a new blog and Twitter site which offers great IT product information for virtually anyone.
==============================================