Attivo Networks, a startup launched last year, has upgraded its deception technology so businesses can deploy it within the portion of their corporate cloud that is hosted by Amazon Web Services.
That means customers can lure attackers to what looks like legitimate physical and virtual machines among their production AWS resources. It lets attackers carry out their exploits harmlessly to see what damage they are trying to do. This information can be used to find instances of the attack against real physical and virtual machines that are in use.
Along with support for AWS, the company is introducing an upgraded management system that gives a single view of all the Attivo devices deployed in a single business network rather than viewing one at a time.
The Attivo platform, called BOTSink, inserts decoy machines into every VLAN on the network to detect when threats scan for vulnerable machines, says Attivo CEO Tushar Kothari. The decoy machines are outfitted with a range of operating systems and can be customized with a full set of the standard-build applications on endpoints. Botsink can be a plug-in appliance or a virtual appliance.
Part of the platform called Information Relay Entrapment System spreads breadcrumbs to attract attackers – cookies in cache and other artifacts that make the decoys seem more real to attackers’ scanning tools. “It makes it very difficult for anyone to differentiate them from real, used machines,” Kothari says.
Attivo gear can integrate with other customer security devices such as SIEMs, firewalls, IDSs and IPSs.
The company was founded in 2011 by B.J. Shanker (VP Operations), Mano Murthy (SVP Global Operation) and Marc Feghali, (VP Product Management). Shankar and Murthy cofounded Allegro Systems, which was acquired by Cisco. Feghali has worked or Cisco, 3Com and Compaq.
The company, whose name means active in Italian, has been shipping products for three quarters. It is based in Freemont, Calif., and is funded with $8 million from Bain Capital.
Sign up for CIO Asia eNewsletters.