Fortinet Fabric-Ready Partner Spotlight: Attivo Networks

Q&A with Carolyn Crandall, CMO at Attivo Networks

Fortinet sits down with Fabric-Ready Partner, Attivo Networks, to learn what’s top of mind for its customers, the key IT challenges they are facing, and how Attivo Networks’ approach to integrated security is helping drive business and customer success.

Tell us a bit about Attivo Networks business and the types of customers that you serve.

Attivo Networks® is the leader in deception for cyber security defense. Founded on the premise that even the best security systems cannot prevent all attacks, Attivo provides the required in-network visibility and substantiated, actionable alerts to detect and analyze cyber attacks, and accelerates defense through integration with prevention systems.  

The core solution offered is the ThreatMatrix™ Deception-Based Threat Detection and Continuous Response Platform, which is a comprehensive deception platform for detecting all types of threat vectors in user networks, data centers, and specialty environments of SCADA, IoT, and POS.

Since ThreatMatrix is not inline, installation is frictionless, highly scalable, and does not require process changes or network redesign. Many Fortune 500 companies and mid-sized businesses across government, financial, healthcare, energy, entertainment, and other verticals have seamlessly managed to adopt, integrate, and deploy the solution globally as part of their existing security infrastructure. 

What is the top IT challenge or concern that your customers face today?

DJ Goldsworthy, Senior Manager of Threat and Vulnerability Management at Aflac, Inc. said, “Attackers have to be right only once but security people have to be right all the time.” He couldn’t have been more right.

The reality is that 9 in 10 companies today claim to have been breached, with over 59% stating physical damage from at least one of these attacks. Despite greater investments by our customers in security products, with the hopes of improving monitoring and detection of advanced threats, they are able to detect only 20% of the breaches internally.

While legacy solutions like FortiGate continue to protect the perimeters, there is an obvious lack of visibility inside the networks, and that is what the ThreatMatrix platform is striving to bridge. A highly innovative and efficient solution, it is complementary to perimeter solutions and provides an additional line of defense against threats that manage to bypass them.

The evidence-based, substantiated alerts and forensic reporting empower the prioritization of events, resulting in automated threat containment and management without requiring additional resources, and the curtailing of alert fatigue, thus addressing the challenge of too many false positives.     

Attivo Networks recently joined Fortinet’s Fabric-Ready Partner Program. Can you share a bit about your history of working with Fortinet and why being an alliance partner in our program is important for your business and customers? 

The Attivo Networks four pillars of security beliefs – authenticity, accuracy, scalability, and providing a complete security solution, align closely with the Fortinet Fabric message of holistic security. Today, customers want a 360-degree view of cyber activity, from network to endpoint, to weave together insight and action.

By leveraging the Fortinet Security Fabric’s APIs, the Attivo Networks ThreatMatrix platform can continue empowering joint customers with continuous threat management. By combining Attivo Networks real-time in-network visibility and forensic reporting with Fortinet’s advanced security and network segmentation capabilities, this alliance partnership will bring seamless protection to critical infrastructures of our joint customers worldwide.

Are you seeing a shift in IT or cybersecurity buying criteria from your customers for solutions that is by nature more open, automated, and able to interoperate with their existing infrastructure?

In a recent survey, Anderson Research found a dramatic shift in organizational security budgets in favor of detection solutions. Key motivators included early visibility to in-network threats or misconfigurations that could lead to a breach, followed by automated attack correlation for resource efficiency, automated blocking and quarantine of attacks of accelerated incident response, and the elimination of false positives for accuracy and incident response efficiency.

Customers can overcome these challenges by leveraging the comprehensiveness and efficiency of the joint solution. In the event of an attack, the ThreatMatrix Platform can automatically update the FortiGate Firewall with details required to immediately block the attack and shut down an attacker’s access and ability to exfiltrate data or credentials, helping the customers attain a stronger security posture, and validate the shift to open and interoperable solutions.

How will the Fabric-Ready integration between Attivo Networks and Fortinet accentuate the fight against cyber crime?   

The Fabric-Ready program brings together the Attivo ThreatMatrix and the FortiGate Platform over their open APIs. Attivo’s patented breach detection technology can lure attackers into revealing themselves as soon as they attack the network. It is unique in that it uses real operating systems and services as opposed to emulation to make it extremely difficult for attackers to distinguish from real assets. The systems are customizable to the extent that golden images can be utilized

As soon as the ThreatMatrix detects an attack inside a network, it alerts the FortiGate Platform with the needed attack information, including attack signatures, details on the infected nodes, and attacker activity that will help streamline mitigation of ongoing risks and prevent future cyber attacks, enabling customers to benefit from two industry-leading solutions. This level of cyber crime intervention and activity is unprecedented in the security industry

What are the business and technical advantages to enterprises or MEs investing in this integrated product?   

The business advantages include a new means to protect valuable corporate assets from threats that are not being defeated by current perimeter defense solutions.The technical advantages include advanced techniques to provide false credential lures at every endpoint to lure attackers to the platform, real operating systems and services—including the use of golden images—to increase the deception, automation that reduces the cost of maintenance, alarms that only go off with actual attacker engagement, easy, low cost deployment, and the only deception-based technology that can scale to meet the needs of Fortune 500 networks.

What security issues do you feel are being addressed by using the integrated solution through the Fabric Ready Partnership?

A representative from Marvell Semiconductors stated it best when he said, “The Attivo Networks solution identifies threats inside our networks that have moved through our current perimeter protection, and that is vital for us so we can take action before any of our data can be affected.”

Perimeter security solutions, alone, are no longer proving adequate as a line of defense against cyber attacks. Reconnaissance and stolen credential attacks inside the network are getting missed under a mountain of alerts that security administrations receive consistently. The number of breaches reported by companies are only increasing, putting the information of their customers at risk of exfiltration. It’s no surprise then that security professionals are now approaching the problem with an ‘assumed breach’ posture.

The Attivo dynamic deception solution provides organizations with a way to complement their existing security infrastructure by continuously detecting and alerting them to breaches that have bypassed perimeter solutions. Customers will be able to efficiently detect and learn relevant analysis on attacks to automatically trigger remediation with FortiGate, and prevent future attacks. Only actual engagement with attackers will generate alerts, eliminating false-positives and securing the prioritization of events.