Attivo Networks ThreatDirect™ Deception in a Docker Container

Networks are constantly evolving to meet the demands of
ever-expanding digital business infrastructure. Organizational networks can now
include remote offices, branch offices, retail stores, or other sites outside
of the headquarters network. Users no longer need to be tethered to a desktop
with a patch cable or working from a corporate office. They are just as likely
to access corporate services on a wireless network through the cloud or SaaS
providers as they are to connect to a VPN. As more organizations have adopted
virtual environments and infrastructures, they have also moved to reusable,
portable, scalable applications for operational efficiency. This movement has
given rise to Docker and other container solutions that can run applications
anywhere, whether on a single system, a virtual machine, or in the cloud. Cisco
Systems provides the Catalyst 9000 family of switches with an application
hosting framework that can manage Docker container applications that run on
devices.

Attivo Networks provides the ThreatDefend™ threat detection
platform that uses deception technology to identify and alert on in-network
attackers, whether external or insider, as they attempt to steal credentials,
conduct reconnaissance, and move laterally. The solution does not depend on
signature matching, anomaly detection, or extensive analysis. The solution uses
network, endpoint, application, and data deceptions, deploying decoys that are
indistinguishable from real systems, driving the attacker into engaging with
the deception environment, and thus revealing themselves. The platform is
effective because it provides comprehensive deception and can scale across any
attack surface. Wherever the attacker goes, deception is there to meet them.

One of the elements that make the ThreatDefend platform
effective at scaling is the ThreatDirect™ solution, a virtual machine forwarder
that deploys deception at remote offices, branch offices, or the cloud. The
technology works by taking unused IP addresses at the remote sites or the cloud
and forwarding any traffic it receives to an Attivo BOTsink® deception server
for engagement. This BOTsink server could be appliance-based, virtual, or
deployed in the cloud, and effectively scales the deception environment to the
remote sites, with little effort, using the existing virtual infrastructure. Attivo
Networks, as a Cisco Solution Partner, added the Attivo ThreatDirect solution
as a container application to its ThreatDirect family of products. This Attivo
ThreatDirect container application can run on the Catalyst 9000 switches and
be managed by the Cisco DNA Center platform for ease of deployment and management.
Remote offices and branches benefit from the same security coverage that Attivo
Networks provides to the main corporate offices.

The partnership between Attivo Networks and Cisco Systems
includes integrations with the ASA firewall, the ISE network protection
platform using Cisco pxGrid, and hosting of the ThreatDirect solution. With the
Cisco ASA firewall, the ThreatDefend platform can send an attacker address to
block any exfiltration attempts. With the Cisco ISE integration, the platform
can send an attacker address to quarantine and prevent any lateral movement
inside the network. Now, with the introduction of the ThreatDirect container
application, organizations can deploy it on Cisco Catalyst 9000 switches,
giving them more choice in how they deploy deception while leveraging their
existing Cisco equipment for added value.

[Source] https://blogs.cisco.com/developer/attivo-networks-threatdirect