CASE STUDY
companies and organisations across the
Middle East, Turkey and Africa can use it
so it spans financial services, ministries,
governments, oil and gas, all across the board.
The solution we offer is basically an
inside-of-the-network threat detection and
response so for those various verticals it
lays out a deception network to lure the
attacker. If there is somebody lurking inside
the network who shouldn’t be there then the
deception will automatically alert and lure
the activity to a safe haven, not the actual
network itself.
Can you explain how deception fools
the cybercriminal?
The way we have done it is we’ve taken
human behaviour, we have understood what
the attacker does usually and what is the
purpose of compromising and penetrating
networks all across the world. We understood
the motives of why hackers do it and we
also understood what they do in a typical
network to reach their objective.
We can plant many different decoy servers
or decoy assets to mimic the customer's
environment, providing what appears to
be authentic assets to the attacker. The
beauty of those decoy assets is that the
attacker does not distinguish it from the real
server because we use their gold images
if they wish, which is why it is so authentic
and hence effective. A properly designed
deceptive environment will quickly shrink
adversary dwell time and potentially help
mitigate the impact of a breach.
We use machine learning to learn the
topology of the network and the types of
operating systems and then we build decoy
servers that are almost identical to the one
next to it (the real one), so the attacker does
not think that he has fallen into a trap.
We plant our servers in unpublished IP
addresses; as soon as the attacker does
lateral movement in an unpublished IP they
are guilty by association because there is no
need for anybody to come and touch it.
Therefore, once they do this they are
actually captured because this IP address
is mapped all the way up to the Attivo
appliance which sits inside the network.
That is how we capture the attacker inside
our network and we now take over dealing
with him but he doesn’t know that. We are
watching all his moves and recording it in a
forensic file.
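The detection logic described in this answer, as an added illustration that is not Attivo's code and not part of the interview: decoys sit at unpublished addresses, so any host connecting to one is flagged and its moves are recorded per source. The decoy addresses, the connection-log format and the sample records are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed example: "unpublished" decoy addresses that appear in no DNS record,
# inventory or application config, so no legitimate host ever needs to reach them.
DECOY_ADDRESSES = {"10.20.5.250", "10.20.5.251", "10.20.7.250"}

# Constructed sample connection log; the record format is an assumption, not a vendor's.
SAMPLE_LOG = """\
2024-03-01T09:14:02Z conn src=10.20.5.17 dst=10.20.5.20 dport=445 proto=tcp
2024-03-01T09:14:05Z conn src=10.20.5.17 dst=10.20.5.250 dport=445 proto=tcp
2024-03-01T09:14:09Z conn src=10.20.5.17 dst=10.20.5.251 dport=3389 proto=tcp
2024-03-01T09:15:30Z conn src=10.20.5.42 dst=10.20.5.20 dport=443 proto=tcp
2024-03-01T09:16:11Z conn src=10.20.5.17 dst=10.20.7.250 dport=22 proto=tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) conn src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)

def parse_line(line):
    """Return the fields of a well-formed connection record, or None for junk."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def detect_decoy_touches(log_text, decoys=DECOY_ADDRESSES):
    """Map each source host that touched a decoy to its ordered list of touches."""
    forensic = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        # Any touch of a decoy is an alert (guilty by association): no legitimate host needs it.
        if rec and rec["dst"] in decoys:
            forensic[rec["src"]].append(
                {"ts": rec["ts"], "decoy": rec["dst"], "dport": int(rec["dport"])}
            )
    return dict(forensic)

def forensic_summary(forensic):
    """One line per suspicious source: first touch, distinct decoys hit, ports."""
    lines = []
    for src, touches in sorted(forensic.items()):
        decoys_hit = sorted({t["decoy"] for t in touches})
        ports = sorted({t["dport"] for t in touches})
        lines.append(f"{src} first={touches[0]['ts']} decoys={len(decoys_hit)} ports={ports}")
    return lines

if __name__ == "__main__":
    for line in forensic_summary(detect_decoy_touches(SAMPLE_LOG)):
        print(line)
```

In the sample, the host 10.20.5.17 also reaches a real server first; only its decoy touches are recorded, while 10.20.5.42, which never touches a decoy, produces nothing.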
What are the main benefits
the ministry can get from the
ThreatDefend Platform?
Dynamic, real-time threat detection and
accelerated and orchestrated incident
response. The emphasis is on early detection
and also accelerated and orchestrated
response with the whole eco-system that the
company or organisation has.
WE IN THE MINISTRY OF ENERGY,
INDUSTRY AND MINERAL RESOURCES
ARE ONE OF THE HIGHEST TARGETED
AGENCIES IN THE KINGDOM.