Advanced Computing in the Age of AI | Friday, March 29, 2024

Attivo Networks Completes Integration With Palo Alto Networks Firewall 

FREMONT, Calif., July 18 -- Attivo Networks, the award-winning leader in deception for cyber security threat detection, announced today an integration combining the Attivo Networks Deception Platform with the Palo Alto Networks Next-Generation Firewall. The integration brings together prevention, detection, and incident response capabilities into a solution that can automatically block infected nodes from gaining Internet access and exfiltrating valuable company data.

The Attivo Networks Deception Platform is designed to detect cyber attackers regardless of whether it is a targeted attack, involves stolen credentials, man-in-the-middle attacks, ransomware, or originates from an insider threat. Not reliant on signatures or known attack patterns, the Attivo solution uses deception technology to detect threats, like zero-day attacks, that are conducting reconnaissance or are moving laterally to escalate their attack inside the network. The Attivo BOTsink® deception decoys are set up to look identical to production assets by using real operating systems and services and can be customized with a customer's production golden image. Attivo end-point deception lures are also planted to entice and misdirect the attacker to Attivo deception servers. By engaging with decoys and not with production devices, attackers are deceived into revealing themselves and can be quarantined and studied for detailed attack analysis.

The Palo Alto Networks Next-Generation Firewall identifies and controls applications flowing across physical and cloud-based networks, inspecting the content for known and unknown malware. As the cornerstone of Palo Alto Networks Next-Generation Security Platform, the next-generation firewall provides the visibility and enforcement needed to safely enable applications and deliver automated prevention against cyber-attacks.

The integration of Attivo BOTsink deception decoys and the Palo Alto Networks next-generation firewall provides customers with attack detection, analysis inside the network, and automated blocking. Intelligence is fed from BOTsink into the next-generation firewall to automatically block infected nodes and prevent cyber breaches. As BOTsink deception decoys identify infected nodes, their IP addresses are sent to the next-generation firewall for policy enforcement via API, effectively quarantining the device, stopping any communication with the Command and Control (CNC) and preventing any data exfiltration.

"Based on strong customer demand for a comprehensive defense, we have integrated the Attivo Deception Platform and the Palo Alto Networks Next-Generation Firewall to provide the best time-to-detection, and the best time-to-remediation for our joint customers," said Tushar Kothari, CEO of Attivo Networks. "Customers using the integration can now benefit from the Palo Alto Networks prevention-first mindset and choose to automatically block alerts of high severity, which in many cases will mean the difference of a small incident vs large scale catastrophe."

About Attivo Networks

Attivo Networks is the leader in dynamic deception technology for the real-time detection, analysis and forensics of cyber-attacks. The Attivo Deception Platform provides inside-the-network threat detection for user networks, data centers, clouds, and ICS-SCADA environments. Not reliant on known signatures or attack patterns, Attivo uses high-interaction deception techniques based on Attivo BOTsink engagement servers to lure attackers into revealing themselves. Combined with the Attivo End-Point Deception Suite, advanced luring technology is deployed to detect the use of stolen credentials, ransomware, and targeted attacks. Comprehensive attack analysis and forensics provide actionable alerts and can be set to automatically block and quarantine attacks for accelerated incident response. For more information visit www.attivonetworks.com


Source: Attivo Networks

EnterpriseAI