ThreatDefend™ platform overview
The Attivo Networks ThreatDefend™ solution is a deception-based platform that provides early and accurate detection of in-network threats, along with automation to accelerate attack analysis and incident response. The platform is based on decoys, lures, and application and data deceptions that misdirect, deter, and derail threats, whether at initial compromise or while moving laterally within the network.
The platform covers everything from legacy infrastructure to modern cloud architectures. It is simple to deploy across user networks, data centers, clouds, remote offices and branch offices (ROBOs), or specialized environments, because deception preparation, deployment, and operations are based on machine self-learning. The solution stands apart from other deception platforms in its approach to deception authenticity and in its inclusion of automated attack analysis and extensive native integrations for incident response.
The platform is built on BOTsink® Engagement Servers, which support the central management of the deception deployment. These servers can be implemented as physical, virtualized, or cloud instances. The primary BOTsink management functions include handling of alerts, coordination of analysis, and support for forensics, reporting, visibility tools, and integration of deception with enterprise security control systems.
The ThreatDefend Detection and Response platform includes BOTsink network deception; ThreatStrike® endpoint deception; ThreatDirect® distributed environment support for remote offices and branch offices (ROBO), microsegmented networks, and workloads in the cloud; ThreatOps™ incident response playbook orchestration; and ThreatPath™ for attack surface reduction, which provides visibility into exposed attack paths that malicious actors could leverage to advance an attack (see Figure 1).