Providing Accelerated Cyber Incident Response Tools

Security MEA speaks to Ray Kafity, the Vice President for Middle East, Turkey and Africa at Attivo Networks about their participation at GITEX Technology Week 2017

What is the primary focus of your participation at GITEX Technology Week this year?
GITEX Technology Week 2017 will be an ideal platform for us to increase the level of awareness and knowledge pertaining to new emerging technologies in cybersecurity such as deception and response platforms. Gartner has highlighted deception as one of the top technologies for information security in 2017.

Hence, at Attivo Networks we aim to equip our current and prospective customers and partners with “deception-based” tools and solutions and other cybersecurity requisites such as accelerated cyber incident response tools and methods to close security gaps and develop a critical line of defence for detecting cyber attackers.

What is the relevance of this show to your business in the region?
GITEX is the region’s biggest technology event and an eminent platform for key industry players to network and drive the information security market. It provides us an excellent opportunity to not only showcase our market-leading deception technology and solutions but also interact with our customers and partners. It helps us stay abreast of the latest developments in the evolving threat landscape and demonstrate how our current and prospective customers can safeguard themselves against an ever-increasing wave of advanced cyberattacks.

What kind of products and solutions are you showcasing at the event?
At GITEX, we will be showcasing the following solutions:

  • Our newly announced ThreatDefend Platform, representing the next generation of distributed deception solutions. The new platform takes deception-based threat detection to a new level, addressing growing marketing demand and technology advancements to outmaneuver modern-day attackers that are anticipating detection technology as a security control. Additionally, the solution has further expanded its integration partnerships and forensic attack analysis automations to deliver streamlined playbooks to better arm incident responders with an actionable defense against in-network threats. Designed to install, operate and scale seamlessly, the platform supports environments from across vendors such as datacentre and cloud, user networks, and specialty environments such as industrial control systems (ICS), the internet of things (IoT), points of sale (POS), and SWIFT. Furthermore, this platform is aligned to strategically provide early detection of threats like Advanced Persistent Threat (APT), BOT, ransomware attacks, stolen credentials, and man-in-the-middle (MitM), in addition to accelerated cyber incident response tools and methods.
  • ThreatDirect is a unique benefit of the Attivo solution, basically a ‘forwarder VM’ that negates the need for a local BOTsink device, reducing cost and improving deployment flexibility. The solution provides fully automated attack and malware analysis, and displays findings through a central threat-intelligence dashboard, in a variety of forensic report formats depending on the incident tracking and management protocols.
  • The Attivo ThreatPath solution assesses an attack path’s vulnerability based on most likely attack paths that attackers would take through misconfigured, exposed or orphaned credentials. It also provides a topographical illustration of the paths to predict lateral movement and provides actionable details of weaknesses and identification of the systems that need to be isolated or fixed. When integrated with workflow systems, the solution can activate automated trouble tickets from the dashboard.
  • The Attivo ThreatStrike End-point Deception Solution is a customizable and non-intrusive technology that is used to identify targeted attacks of end-points, servers/VMs, the use of stolen deception credentials, and ransomware attacks on networked drives. The solution also provides for suspicious email submission for threat detection by leveraging the ability to easily forward suspicious emails to the BOTsink automated malware analysis engine. The Attivo ThreatStrike end-point deception suite is deployed agentless across end-point devices without impact and dependency on other endpoint security products and servers. The Suite adds bait and deception credentials to lure attackers and entice threat actors to attack the BOTsink Solution as opposed to production assets and other network resources. The Attivo end-point technology is available as a software upgrade that works with the Attivo BOTsink Solution, which can in turn identify the infected end-point, provide signature updates to firewalls and other prevention devices, and exchange queries with SIEMs to check for attempted use of deception credentials throughout the network.

With the theme for GITEX being ‘Re-imagining Realities’ what steps are you taking in terms of enabling your customers for the ‘smart’ future?
Both the threat landscape and attack surface are evolving. As IoT and third platform technologies take centre stage in the business landscape, safeguarding critical assets of an organization has become a challenge.

Traditional defences such as firewalls and antivirus software are no longer reliable as cyber threats grow more sophisticated. Moreover, with evolving business demands, enterprise IT and security experts are under increasing pressure to respond to unprecedented cyber risks that surface in a heterogeneous IT environment which consists of physical and virtual assets.

Cyber attackers are always on the lookout for a backdoor to compromise the IT infrastructure and critical assets of an organization, no matter the size. Hence, it is vital for organizations to deploy advanced cybersecurity solutions which prevent attacks as much as they can but also provide early detection for threats that have bypassed their defences.

With this in mind, security becomes an important topic which needs to be addressed. Keeping in line with this objective, Attivo Networks aims to enable organizations to strengthen their security agenda with intelligence-led deception-based solutions embodying effective capabilities to proactively guard and respond to threats across all business functions. In addition, we want to ensure our customers can capitalize on the new breed of opportunities presented by the smart future by leveraging our industry-leading security solutions.

What kind of IT trends do you see impacting the regional ICT industry in the next two years?
Cyberwarfare has escalated in recent years, in terms of intensity and frequency, with the Middle East being affected by this phenomenon as well. 2016 was characterized by a string of cyberattacks on key industries such as oil and gas, banking and finance and retail.

Moreover, as new internet-enabled devices get released regularly, there is always a risk that lingers in the form of weak security controls which opens a new gateway to accessing data. These devices could be easily held hostage by ransomware, which will eventually lead to extortion. Hence, it’s time to give new innovations in cybersecurity an opportunity to change the game on cyber attackers and not let attackers run uncontested, until damages have been done.

Will you be recruiting new channel partners? If yes, for which markets?
Growing strategic partnerships is a critical component to the company’s growth; Attivo Networks is currently focusing on its existing expansive network of channel partners and will be announcing new partners. Since we operate in a dynamic region, we will expand a select number of strategic partnerships that meet the region’s evolving requirements based on mutual value add and win-win partnerships.

Do you have a standalone presence at the event or will you be showcasing with your partner(s)? Can you give us details of your hall and booth at the event?
We will be participating with our partner IXTEL at CLD-13, Hall # 6.