Deception not only works for spies, but can also help enterprises detect and stop unwanted network intruders.
Attivo Networks, a Fremont, Calif.-based threat detection startup, announced this week that it had raised $15 million in a Series B round of financing to bolster its deception-based threat detection technology. Bain Capital Ventures, Omidyar Technology Ventures, Trident Capital Cybersecurity and Macnica Ventures participated in the investment. The company had previously raised $8 million in April 2015, in a Series A round headed by Bain Capital Ventures, bringing its total haul to date to $23 million.
Attivo's technology essentially lures attackers – both within and outside an organization – with a multilayered platform involving deception servers that dish up lures and traps along with endpoint and application-level detection capabilities. But don't call the company's deception technology a honeypot.
Carolyn Crandall, chief marketing officer of Attivo Networks, acknowledged in a blog post that at a fundamental level, honeypots and deception technology "are both designed to confuse, misdirect, and delay the enemy by incorporating ambiguity and by misdirecting their operations." "Beyond that, however, the technologies are quite different."
Compared to low-interaction honeypots that are easy for attackers to fingerprint and avoid, Attivo's platform provides tracking of an attacker's movements, attack analysis, forensic reporting and automatic quarantining of threats.
According to Tushar Kothari, CEO of Attivo Networks, enterprises are increasingly turning to deception technologies to stay one step ahead of hackers.
"Deception is being rapidly adopted worldwide, because it closes the detection gap in a company's security posture. Attackers have proven time-and-again that they can bypass perimeter defenses and easily evade traditional detection tools," said Kothari in a statement. "With its new approach to security, Attivo Networks deception not only accurately detects an attacker's presence, but also rewrites the rules on attackers, so that they have to be right 100 percent of the time."
Attivo isn't the only security startup targeting the burgeoning deception technology space.
Israeli security specialist Cymmetria's MazeRunner threat detection product lures attackers with "bread crumbs" – seemingly legitimate credentials or other information that can be used to compromise a system – to decoy virtual machines containing real operating systems and services. Meant to level the playing field with unpredictable attackers, the platform can be used to track an attack's lateral movement and prevent further intrusions.