Attivo Networks®, the award-winning leader in deception for cyber security threat detection, today announced an expansion of the Attivo Deception Platform, which provides real-time threat detection and accelerated incident response, to now support the Internet of Thing (IoT) ecosystem. This new enhancement complements the existing Deception Platform that supports user networks, data centers, cloud and ICS-SCADA environments. “Gartner forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015”, bringing a whole new set of cybersecurity risk and the need for real-time attack detection.
IoT systems are network connected devices that collect and exchange data, allowing enterprises to increase efficiency and productivity. IoT networks bring in a diverse amount of connected devices and can introduce multiple points of vulnerabilities in the networks. High-availability and safety are important attributes of IoT deployments and downtime of IoT sensors/network can cause significant damage to an organization and in some cases public safety. Just a few of the security challenges that these devices bring include a dramatic increase in unauthorized access, weak encryption, targeted attacks exploiting vulnerabilities in vendor software, weak passwords and many more. Once inside the network, attackers can use stolen credentials or move laterally to gain illegitimate access to company assets and information. Rich IoT targets include PACS (Picture archive and communications system) servers which store critical patient data such as x-rays and other digital images, payment gateways for credit card processing, and other data gathering and aggregation frameworks.
The Attivo Networks Deception Platform is designed to detect cyber attackers regardless of whether the attack is a targeted, stolen credential, ransomware, or insider threat. Customers can configure the Attivo Deception Platform to look identical to IoT systems based on XMPP, COAP, MQTT, HL7 and DICOM based PACS servers in their networks. The Attivo BOTsink® engagement servers and decoys can then be customized to appear as production IoT sensors and servers, deceiving attacker into thinking they’re authentic. By engaging with decoys and not with production devices, the attacker reveals themselves and can be quarantined and studied for detailed forensics that can be used for remediation and future prevention.
“With the growing number of IoT devices in production networks, even minor security issues can turn into significant problems. This new surge of IoT devices will be a cyber attacker’s playground with introduction of new data exchange mechanism and traditional security infrastructure being ill equipped to prevent threat actors from using these devices as an onramp to their network.” said Tushar Kothari, CEO of Attivo Networks. “Given the inability to run anti-virus or apply typical prevention measures, deception will play a critical role in the early threat detection and response to IoT cyberattacks.”
According to Gartner analysts Ray Wagner,Earl Perkins,Greg Young, Anmol Singh and Lawrence Orans in their December 2015 report Predicts 2016: Security for the Internet of Things, “Discovery, provisioning, authentication and data protection will account for 50% of all security spend for IoT through 2020… by year-end 2018, over 50% of IoT device manufacturers will remain unable to address product threats emanating from weak authentication practices.