Boosting MITRE ATT&CK Detection Rates for Endpoint Security

To assist organizations in addressing cyber risk, MITRE introduced a means for testing the ability of specific solutions to detect inbound attacks based on the MITRE ATT&CK framework. Evaluation results released include data for leading commercial endpoint security providers. Join Edward Amoroso, CEO of TAG Cyber, and Tushar Kothari, CEO of Attivo Networks, to learn how Attivo Networks solutions augment these endpoint security tools with an average 42% increase in detection rate. Test methodology and results from the APT29 and APT3 attack emulations will be shared, along with the enhanced performance gained when Attivo is added for detecting lateral movement.
Recorded Jul 1 2020 54 mins
Presented by
Tushar Kothari, CEO, Attivo Networks & Edward Amoroso, CEO, TAG Cyber
  • Be Resilient with IBM and Attivo Networks Aug 19 2020 6:00 pm UTC 60 mins
    Joseph Salazar, Technical Deception Engineer, Attivo Networks
    Attivo Networks® has integrated with IBM® to provide advanced security orchestration and incident management through the Resilient SOAR platform, giving customers on-demand deployment for the Attivo Networks ThreatDefend® platform decoys. The integration reduces an organization’s time and resources required to detect, identify, and respond to threats while collecting forensics and developing threat intelligence to reduce the risk of a successful attack.

    Join this session to learn how:
    • The ThreatDefend platform detects advanced attackers with speed and accuracy
    • IBM Resilient adaptively deploys decoys on demand
    • The joint solution accelerates incident response with automated playbooks
    • The solution collects forensics and develops company-centric threat intelligence
  • Hunting Threats with FireEye and Attivo Networks Aug 5 2020 6:00 pm UTC 60 mins
    Joseph Salazar, Technical Deception Engineer | Attivo Networks
    Attivo Networks® has partnered with FireEye to provide advanced, real-time, in-network threat detection and improve automated incident response to stop active attacks. With the joint solution, customers can review high fidelity alerts based on suspicious activity and gain the intelligence needed to hunt for and isolate other compromised systems based on suspicious activities. Organizations can reduce the time and resources required to detect threats, analyze attacks, and remediate infected endpoints, ultimately decreasing the organization’s risk of breaches and data loss.

    Join this session to learn how:
    • The ThreatDefend platform detects advanced attackers with speed and accuracy
    • The joint solution captures and analyzes advanced malware threats
    • The joint solution accelerates incident response with automated blocking of infected systems
    • The solution collects forensics and develops company-centric threat intelligence
  • Hide and Deny Access to Ransomware Attackers Jul 23 2020 5:00 pm UTC 60 mins
    Carolyn Crandall, CMO, Attivo Networks & Srikant Vissamsetti, SVP Engineering, Attivo Networks
    The dynamics of ransomware attacks have changed, and to keep ahead, your security tool kit must too.

    Join this webinar with Srikant Vissamsetti, SVP of Engineering and Carolyn Crandall, Chief Deception Officer and CMO of Attivo Networks to explore how to fake out even the most advanced human-operated ransomware and stop it in its tracks.

    In this webinar, you will get unique insights into the most modern ransomware attack tactics and how the Attivo ThreatDefend solution is used to achieve early detection of cyber-attackers. New Endpoint Detection Net (EDN) capabilities will be shared along with how they prevent attackers from moving laterally, escalating privileges, and finding and accessing the files, folders, mapped network and cloud shares they seek to tamper with. The session will also be open for audience Q&A.
  • Boosting MITRE ATT&CK Detection Rates for Endpoint Security Recorded: Jul 1 2020 54 mins
    Tushar Kothari, CEO, Attivo Networks & Edward Amoroso, CEO, TAG Cyber
    To assist organizations in addressing cyber risk, MITRE introduced a means for testing the ability of specific solutions to detect inbound attacks based on the MITRE ATT&CK framework. Evaluation results released include data for leading commercial endpoint security providers. Join Edward Amoroso, CEO of TAG Cyber, and Tushar Kothari, CEO of Attivo Networks, to learn how Attivo Networks solutions augment these endpoint security tools with an average 42% increase in detection rate. Test methodology and results from the APT29 and APT3 attack emulations will be shared, along with the enhanced performance gained when Attivo is added for detecting lateral movement.
  • Ghost Army, Why Let Attackers Have the Advantage? Recorded: Jun 23 2020 61 mins
    Jim Cook, Regional Director, Attivo Networks & Andrew Scully, Head of Cyber, Shelde
    Cyber attackers have always been able to trust their tools and technology. If they manage to break into an organisation’s network through technical means or simply by getting a job there, they can use those tools to understand how to traverse the network and what tactics and techniques will allow them to reach their goal without being detected.

    The same can’t be said in the physical world, where Attackers have never been able to rely 100% on their observations. There are many examples throughout history of Attackers and Defenders deceiving each other – so what lessons can be derived from the physical world and how are organisations applying those lessons in Cyber?

    Hear from Jim Cook – Regional Director for Attivo Networks on some of the most effective misdirection in history and special guest Andrew Scully – Head of Cyber from Shelde who shares some personal stories of using deception technology to catch attackers.
  • You Can’t Mitigate Breach Impact If You Don’t Detect It Recorded: Jun 17 2020 65 mins
    Tony Cole, CTO, Attivo Networks & Gary S. Miliefsky, Chairman of the Board, Cyber Defense Media Group
    It’s 2020 and the breaches just keep coming. Hear from Attivo Networks CTO, Tony Cole, in this discussion on how to better protect your endpoints and prevent attackers from moving laterally across your enterprise. Attivo Networks has pioneered a new approach to protecting endpoints with their Endpoint Detection Net (EDN) solution. Designed to serve as a force-multiplier to EPP and EDR solutions, EDN dramatically reduces risk to modern endpoints by efficiently closing detection gaps while providing ongoing visibility.

    Watch the webinar to hear about:
    - Perspectives on the Cybersecurity Industry’s State of Affairs
    - Gartner’s, MITRE’s, and NIST’s take on Deception Technology
    - Deception-Based Threat Detection Solutions for Common Security Challenges
    - Partner Technology Integrations that are Serving as a Force Multiplier for Existing Technologies, Processes, and Resource Productivity
  • Better Endpoint Defense with CrowdStrike and Attivo Networks Recorded: Jun 4 2020 47 mins
    Joseph Salazar, Technical Deception Engineer | Attivo Networks
    Join Attivo Networks as we reveal how the integration between the ThreatDefend® platform and the CrowdStrike Falcon Insight EDR solution combines accurate in-network detection with automated response actions to isolate attackers and empower organizations to respond quickly to attackers already inside the network.
    The integrated solution provides organizations an advanced level of visibility and improves overall incident response to block and quarantine attackers before they spread. The solution works by accurately detecting attackers as they attempt to move laterally and quarantining the compromised systems either manually or automatically.

    Hear how our joint solution can provide your organization with:
    • Advanced detection of threats that evade existing security controls
    • Enhanced visibility into attack activity early in the attack cycle
    • Accurate, event-based alerts with detailed attack forensics
    • Automated incident response to mitigate attacks
    • Increased operational efficiency
    • Collection of company-centric threat intelligence to improve defenses
  • Reducing EDR Cyber Risk with Deception Recorded: May 19 2020 59 mins
    Tushar Kothari, CEO of Attivo Networks & Edward Amoroso, CEO of TAG Cyber
    Join Tushar Kothari, CEO of Attivo Networks and Edward Amoroso, CEO of TAG Cyber for a technical discussion of how deception can be used to dramatically reduce cyber risks to modern endpoints. Hear about how popular endpoint detection and response (EDR) solutions can be enhanced via deceptive means to prevent malicious actors from leveraging endpoint access to laterally traverse an enterprise or to exfiltrate data from a targeted network.

    Join this webinar to learn how deceptive traps and bait can be used to contain malicious actors, and prevent such intruders from breaking out into the enterprise from the compromised endpoint. The concepts and discussion will be illustrated with general industry examples as well as practical case studies from users of the Attivo Networks platform.
  • Customer Experiences in Real-World Deception Deployments Recorded: May 7 2020 65 mins
    Sarah Ashburn, SVP of Sales & Customer Success | Robert Crisp, VP of Technical Operations | Chris Roberts, Hacker | Customers
    In this webinar, you will have the unique opportunity to hear from three behind-the-mask security practitioners who are actively using Attivo Networks deception technology in very different environments. One customer comes from a large organization with a very mature and robustly resourced security team and infrastructure. We also have a customer from an organization with a highly diverse, dynamic, and open environment by necessity. Our last participating customer has a developing infrastructure that was built entirely from the ground up.

    We will take you through a number of detection alerts identified through Attivo Networks deception technology, such as network, credential, insider, Active Directory, Man-in-the-Middle, ransomware, 3rd party, and even remote worker-based attacks.

    Attackers have successfully used deception tactics to breach networks for years. They masquerade as employees, using deceptive measures and stolen credentials to infiltrate a network, remaining undetected for lengthy periods of time. Deception technology shifts power back to the defenders with the ability to deceive and misdirect an attacker into revealing themselves. This is achieved without false positive alert fatigue and the burden of operational overhead associated with traditional detection methods. Join the webinar to hear from customers about why these companies have adopted deception and provide insights into sample customer alerts.
  • How to Reduce Remote Worker VPN Risk Recorded: Apr 15 2020 52 mins
    Srikant Vissamsetti, Sr VP of Engineering, Attivo Networks & Carlo Beronio, Director of Sales Engineering, Attivo Networks
    With the recent dramatic increase in remote workers, traditional network protections such as web filtering, firewalls, or IDS/IPS are not always reliably available. It has also become harder to pinpoint the source of an attack, such as a rogue Active Directory query from a compromised host or network reconnaissance of systems on VPN. Plus, users are accessing corporate networks and SaaS applications with unmanaged systems that are creating additional opportunities for attackers to exploit.

    Join this session to hear how deception-based threat detection solutions are adding a safety net of early and accurate threat detection for VPN environments. Not reliant on pattern matching or prior baselines, you will hear how deception equips defenders with the ability to quickly identify attacker network discovery, MitM activity, VPN and SaaS credential theft, as well as AD reconnaissance.
  • Detecting Deceivers through Deception Recorded: Apr 10 2020 65 mins
    Tony Cole, CTO | Attivo Networks & Kevin Fiscus, Principal Instructor, SANS Institute
    Almost every cyber-attack uses some form of deception to deceive your users. Whether it's spearphishing, a waterhole attack, or most others, attackers typically use a ruse to convince someone to click a link or open an attachment. It's high time we use those same tactics on the adversary when they visit our enterprise. Enterprise deception provides a fabric of fast, high-fidelity detection across an enterprise. Now, through cutting-edge new capabilities far beyond traditional honeypots, deception can sow false information back to our attacking foe. Suddenly their advantage is gone when they can't trust the data they're trying to collect in your environment.

    In this session we discuss deception tactics that defenders can use on adversaries to gain fast and high-fidelity detection across an enterprise. Hear why this defensive fight is relevant to companies large and small, regardless of security capability maturity.
  • Would I Lie to You? How Deception is Shaping Our Future Recorded: Mar 24 2020 60 mins
    Chris Roberts, Chief Security Strategist | Attivo Networks & Tony Cole, Chief Technology Officer | Attivo Networks
    Learn how organizations are applying deception and detection techniques to the global fight for information dominance, where they so desperately need an advantage against the adversary. We will look at how a well architected deceptive environment can be used in a tactical manner, to aid awareness, identification, and provide the necessary fidelity around alerts and adversarial movements. In addition learn how we can use deception to monitor the awareness of our attacker, and measure or assess the effectiveness and integrity of our response options.

    We will take some time to break down the now, the future, the how’s and the where’s OF deception and detection within an enterprise, including the collaboration with Dev, Sec AND Ops.

    Join this webinar to hear why we need to change, what the current landscape looks like, and where we’re heading if we don’t course correct within the overall Information Security industry.


    OH, and we’ll do it with some humor, a distinct lack of death by PowerPoint AND likely whisky.
  • Deception Technology in APAC – Looking Forward to 2020 Recorded: Mar 12 2020 64 mins
    Jeremy Ho, Head of APAC at Attivo Networks & Jim Cook, Head of ANZ at Attivo Networks
    Deception Technology was one of the most researched hot topics in 2019, second only to Zero Trust. Analysts have also increased their coverage and endorsement of cyber deception as a foundational threat detection solution for organizations of all sizes. Deception has materially changed in its capabilities as well as operational efficiency over the last decade. It is now a far cry from the original honeypot. Join this webinar for insight into what deception will look like in 2020 and what criteria to consider when selecting the right solution for you.

    Topics include:
    • Evolution from honeypots
    • Coverage capabilities, both environmental and attack vector
    • Modifying attacker behaviour during recon, lateral movement, and Active Directory queries
    • Value in threat intelligence programs
    • Automation and role in SOAR

    Deception users are typically tight-lipped about their use of the technology, often driven by its application for catching insider threats and to avoid tipping off attackers. Attivo Networks is 2-years running as a top 100 fastest growing tech company on the Deloitte Fast 500, demonstrating its impact in derailing threats early.

    Learn what this technology can do for you to reduce MTTD, MTTR and attacker dwell time significantly.
  • Using Deception Technology To Close Your Detection Gaps Recorded: Jan 21 2020 38 mins
    Joseph Salazar, Technical Deception Engineer at Attivo Networks
    Independent law firms and legal departments all need to protect their intellectual property from theft and to know if critical files are accessed without authorization. In this session, we will share insights into why deception technology has become a legal sector preferred security control for the early detection and identification of in-network threats that have bypassed prevention security controls and for its reliable alerting on insider security policy violations. Discussion topics include deception use cases for IP and case file protection, insight into adversary intelligence gathering and examples of how automation is used to accelerate incident response. This session is for legal organizations of all sizes and maturity, which are seeking to enhance their detection capabilities, gain attack path visibility and enrich insider threat programs.
  • Deception Technology – Looking Forward to 2020 Recorded: Jan 16 2020 58 mins
    Carolyn Crandall, Chief Deception Officer & CMO and Joseph Salazar, TME at Attivo Networks
    Deception Technology was one of the most researched hot topics in 2019, only second to Zero Trust. Analysts have also increased their coverage and endorsement of cyber deception as a foundational threat detection solution for organizations of all sizes. Deception has materially changed in its capabilities as well as operational efficiency over the last decade. It is now a far cry from the original honeypot. Join this webinar for insight into what deception will look like in 2020 and what criteria to consider when selecting the right solution for you.

    Topics to include:
    • Evolution from honeypots
    • Coverage capabilities, both environmental and attack vector
    • Modifying attacker behavior during recon, lateral movement, and Active Directory queries
    • Value in threat intelligence programs
    • Automation and role in SOAR

    Deception users are typically tight-lipped about their use of the technology, often driven by its application for catching insider threats and legal requirements to avoid tipping off attackers. Attivo Networks is 2-years running as a top 100 fastest growing tech company on the Deloitte Fast 500, demonstrating its impact in derailing threats early and for being a force multiplier to current security defenses.

    Sign up now to learn what this technology can do for you to reduce risk and attacker dwell time significantly.
  • Threat Detection Made Simple - Cyber Defense Magazine HotSeat Interview Recorded: Dec 18 2019 7 mins
    Carolyn Crandall, Chief Deception Officer at Attivo Networks and Gary S. Miliefsky, Publisher at Cyber Defense Magazine
    Attivo Networks Announces Active Directory Protection Offering
  • Deception for Speeding Up Your OODA Loop Recorded: Dec 11 2019 61 mins
    Matt Devost, CEO & Co-Founder of OODA LLC and Tony Cole, CTO of Attivo Networks
    Join Matt Devost, CEO & Co-Founder of OODA LLC. and Tony Cole, CTO of Attivo Networks for an in-depth discussion on cyber deception and how it plays into the OODA loop, the cycle of observe–orient–decide–act.

    Attackers and defenders may not realize it, but both operate within an OODA loop. In a world without deception, attackers are able to close their OODA loop because they know when an objective was accomplished, whereas cyber defenders are not always able to close their decision loop, as they could be making decisions with incomplete information.

    In this session, you will learn how deception introduces false certainty into the attacker's OODA loop and can cause them to engage in visible actions prematurely, which allows for quick identification. Discussions will explore deception as a means for detection and interruption throughout the kill chain and how to disrupt attacker:

    • Intelligence, surveillance, reconnaissance
    • Decisions
    • Actions: During an actual compromise and actions based upon the compromise itself
  • German Webinar: Deception, the Better Way to Detect Adversaries! Recorded: Dec 10 2019 39 mins
    Joe Weidner, Regional Director D-A-CH at Attivo Networks and Thomas Drews, Solution Engineer D-A-CH at Attivo Networks
    Despite rising spending on cybersecurity, the number and scale of breaches are increasing. In addition, the time it takes to discover an intrusion remains very high, at almost 78 days on global average. This raises the question of whether we are perhaps using the wrong methods and techniques for the early and accurate detection of an intrusion or of a malicious insider.

    Deception is increasingly being used to close this gap successfully. It offers an extremely pragmatic and cost-effective approach that organizations of any size and focus can implement with little effort.

    In this webinar, learn:

    · How deception can detect and stop successful attacks and malicious insiders early
    · How deception fits seamlessly into your existing IT security and works together with it
    · Where deception can be used
    · What you should look for when selecting a deception solution
  • Deception Imperatives and Vendor Comparison Spotlight Recorded: Oct 24 2019 45 mins
    Jim Hurley, CEO of Wellington Research, and Carolyn Crandall, Chief Deception Officer and CMO at Attivo Networks
    In this session, industry veteran Jim Hurley, the CEO of Wellington Research and Cyber Source Data, will cover primary research results on cyber effectiveness and how it is influenced by detection and incident response. Additionally, attendees will gain insights into the latest Wellington Research Market Spotlight covering the vendors and market for deception. The primary research includes:

    • Data loss rates and time to detection
    • Data loss rates and time to respond
    • Current market positions of deception vendors and what these mean
    • Market cycle and value for deception technologies
    • Guidance for sourcing deception vendors

    Join in for an insightful and objective look at why Cyber Deception is now a critical security control for organizations small and large.
  • A Hacker's Perspective: Where Do We Go From Here? Recorded: Jul 22 2019 62 mins
    Chris Roberts, Chief Security Strategist and Hacker, and Tony Cole, CTO
    For 25 years or more we have fought the battle of passwords and patches while all around us, the world has developed, data has exponentially increased, attack surfaces are everywhere and technology has quite simply forced the human race to consider the evolution cycle in single lifespans as opposed to millennia. During the last 25 years we have done little to protect the charges we are responsible for, we have failed to secure systems, allowed financial attacks, infrastructure attacks, and now attacks directly against humans. At what point will we be able to stem the bleeding and actually take charge of our realm? Have we left it too late, or are we still able to claw back out of the abyss and face our adversary in a more asymmetrical defensive manner? Can we actually provide safety and security to our charges or will we continue to fail? And, critically, how do we communicate this, and educate a population that is content to watch from the sidelines, while they are being digitally eviscerated?
Attivo Networks
  • Title: Boosting MITRE ATT&CK Detection Rates for Endpoint Security
  • Live at: Jul 1 2020 5:00 pm
  • Presented by: Tushar Kothari, CEO, Attivo Networks & Edward Amoroso, CEO, TAG Cyber