Network-Based Threat Deception

Quickly detect in-network threat activity across all attack surfaces as an attacker seeks target assets, moves laterally, and maintains presence.

Decoys for Early Detection of Reconnaissance & Lateral Movement Activity

Servers
Endpoints
Active Directory
Application
Data
Specialized Devices

IoT

Medical IoT

Industrial Control

POS

Router Infrastructure

BOTsink Deception & Decoys

The Attivo BOTsink solution stands guard inside your network, using high-interaction deception and decoy technology to lure attackers into engaging and revealing themselves. Through misdirection of the attack, organizations gain the advantage of time to detect, analyze, and stop an attacker.

Why Customers Choose BOTsink

Reconnaissance & Lateral Movement Detection
Authentic & Attractive Decoys
Easy to Deploy & Operate
High-Fidelity Alerts
Automations for Incident Response

Early Detection with Actionable Threat Intelligence

Centrally manage the deception environment and quickly take action on detected threats. Easily drill down into attack detail and streamline operations with automations for attack analysis and response.

Centralized Threat Intelligence
Easily View Attack Details
Activate Incident Response
Attack Visualization & Replay
Attack & Forensic Reports

Network Visualization

Quickly discover additions and changes to devices on the network. Watch how your network changes over time, easily understand where deception is operating, and identify opportunities to strengthen defenses.

Notification of Device Changes
Watch Network Adjustments
Time-Lapsed Playback
Understand Deception Deployed
Strengthen Defenses

Attack Visualization

Quickly visualize attacks on the network and improve your understanding of cross-VLAN attacks. Watch how attacks play out over time and apply these learnings to strengthen defenses.

Visualize Attacks
Understand Cross-VLAN Attacks
Time-lapsed Playback
Deploy Deception
Strengthen Defenses

FEATURES

Early and Accurate Detection of In-Network Malicious Actors & Insiders

Deceive external and internal threats (employees, suppliers, contractors) into revealing themselves.

  • COMPREHENSIVE

    • Server, endpoint, application, data, and database deceptions provide the most comprehensive threat deception across all networks.
    • Early detection of network reconnaissance and lateral movement.
    • Catch attacks like Man-in-the-Middle.


  • AUTHENTIC & ATTRACTIVE DECOYS

    • Real Windows and Linux operating systems and services appear as authentic production assets and create attractive targets for attackers.
    • Golden-image customization for the utmost authenticity.


  • ATTACK SURFACE SCALABILITY

    • Threat deception for evolving attack surfaces.
    • Scalability for data centers, cloud, user networks, remote office, and specialty networks.


  • ACCURATE DETECTION

    • Detection is driven by engagement with network decoys, deception documents, deceptive credentials, and applications.
    • Alerts are substantiated, high-fidelity, and actionable, removing false positive fatigue.
    • Does not need tuning to be effective, providing immediate detection value.

Simple, Scalable Deployment for Evolving Threats & Attack Surface

Flexible deployment options backed by network self-learning, simplified deployment, and ongoing operations.

  • SIMPLE & SCALABLE

    • Flexible deployment options and machine-learning for ongoing campaign authenticity & refresh.
    • Designed to non-disruptively deploy & scale across all attack surfaces.


  • MACHINE-LEARNING DEPLOYMENT & REFRESH

    • Simplified deployment model.
    • Intelligent self-learning to automate deployment.
    • Self-learning campaign proposals to automate refresh.


  • EASY TO OPERATE

    • Centralized threat intelligence dashboard.
    • Attack visualization tools.
    • Integrations for actionable incident response.


  • CENTRAL MANAGEMENT

    • Central Manager for central global deployment management.
    • Integration with EDR Tools.
    • Output to any SIEM via syslog.
    • Integrates with specific SIEMs, with an available Splunk ES App.
    • Integrates with existing SOC tools and processes.

BOTsink for Attack Analysis Automation

Capture Threat, Adversary, and Counterintelligence to strengthen overall defenses.

  • MALWARE & ATTACK ANALYSIS

    • Built-in sandbox automates attack correlation & analysis, improving time to remediation.
    • Gain threat intelligence by identifying indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs).
    • Automate analysis of malware and phishing emails.


  • IN-DEPTH FORENSICS

    • Sandboxed attacker engagement with full interactivity.
    • Record all attack activity on decoy disk, memory, and network layers.
    • Watch lateral movement & record C&C communications.
    • Gain adversary intelligence.


  • DECOYDOCS & COUNTERINTELLIGENCE

    • Data loss tracking and geolocation beaconing.
    • Gain understanding of attacker intent.


  • THREAT INTELLIGENCE DASHBOARD

    • Standard and advanced dashboard settings for simple operation.
    • Optional Central Manager provides consolidated on-premises or cloud central management.
    • Extensive integrations for information sharing.

BOTsink for Incident Response

Reduce mean time to respond with actionable alerts, visualization, and automated response.

  • SUBSTANTIATED ALERTS

    • Actionable alerts are created from attacker engagement or credential reuse.
    • High-fidelity alerts are substantiated with details from attacker engagement.
    • Full forensics make for actionable response.


  • SIEM INTEGRATION

    • Query SIEMs for deception credential failed logins.
    • Share attack info for more efficient threat hunting.
    • Reduce SIEM processing cycles through shared detection alerts.
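The SIEM query above, as an added example that is not Attivo's code: given syslog-style authentication events and a set of planted deception credentials (both constructed here), every attempt that uses a decoy credential is flagged and grouped by source host, and a successful use is marked because it means the stolen decoy credential was replayed against a real target.

```python
import re
from collections import defaultdict

# Constructed sample of syslog-style authentication events (not real data).
SAMPLE_LOGS = """\
2024-05-01T10:02:11Z auth host=FS01 user=svc_backup src=10.0.5.23 result=FAILURE
2024-05-01T10:02:13Z auth host=FS01 user=svc_backup src=10.0.5.23 result=FAILURE
2024-05-01T10:02:40Z auth host=DC01 user=jsmith src=10.0.5.23 result=SUCCESS
2024-05-01T10:03:02Z auth host=DC01 user=jsmith src=10.0.7.8 result=SUCCESS
2024-05-01T10:05:17Z auth host=SQL02 user=sql_admin_bk src=10.0.9.41 result=SUCCESS
"""

# Hypothetical deception credentials planted on endpoints. No legitimate
# process ever uses them, so any attempt, failed or successful, is a
# high-fidelity indicator that credentials were harvested from that endpoint.
DECOY_CREDENTIALS = {"svc_backup", "sql_admin_bk"}

LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth host=(?P<host>\S+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>SUCCESS|FAILURE)$"
)


def parse_auth_events(text):
    """Parse the constructed log format into dicts; unparseable lines are skipped."""
    return [m.groupdict() for m in map(LOG_RE.match, text.splitlines()) if m]


def decoy_credential_alerts(events, decoy_users):
    """Return one alert per source IP that used any decoy credential.

    Each alert records the decoy users tried, the targets they were tried
    against, the attempt count, and whether any attempt succeeded (a success
    means the decoy credential was accepted by a real system, not a decoy).
    """
    alerts = defaultdict(
        lambda: {"users": set(), "targets": set(), "attempts": 0, "any_success": False}
    )
    for ev in events:
        if ev["user"] not in decoy_users:
            continue  # normal account activity is not deception-driven evidence
        a = alerts[ev["src"]]
        a["users"].add(ev["user"])
        a["targets"].add(ev["host"])
        a["attempts"] += 1
        a["any_success"] |= ev["result"] == "SUCCESS"
    return dict(alerts)


if __name__ == "__main__":
    for src, a in decoy_credential_alerts(parse_auth_events(SAMPLE_LOGS), DECOY_CREDENTIALS).items():
        print(src, a)
```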


  • 3RD PARTY

    • Extensive integrations accelerate incident response with automated blocking, isolation, and threat hunting.
    • Incident response can be manually activated within the dashboard or fully automated.


  • REPEATABLE PLAYBOOKS

    • Automate response to recognized attacks with ThreatOps Playbooks.
    • Automate workflow process from response to trouble ticket remediation.
    • Faster, predictable response actions.

BOTsink for Vulnerability Assessment & Attack Visualization

Reduce risk and mean time to response with credential vulnerability and attack visualization tools.

  • ATTACK PATH VULNERABILITY ASSESSMENT

    • Understand attack path vulnerabilities based on exposed and misconfigured credentials.
    • View attack paths in a topographical map.
    • Reduce attack surface.


  • NETWORK VISUALIZATION TOOLS

    • Network visualization maps show adds and changes to devices on the network.
    • See where deception is deployed for risk profiling.


  • ATTACK REPLAY

    • Topographical maps show attacker movement.
    • Time-lapsed attack replay tracks changes over periods of time.
    • Valuable for Man-in-the-Middle and other attacks that are difficult to understand.


  • ACCELERATED THREAT HUNTING

    • Full interaction decoys collect and develop IOCs to quickly identify other compromised systems.
    • Native integrations accelerate automated or manual threat hunting.

USE CASES

  • Early Threat Detection

    — Decoy engagement-based detection
    — Not reliant on signatures to detect attacks
    — No pattern matching or database look up

  • Lateral Movement Threat Detection

    — In-network threat detection
    — Detect early reconnaissance
    — Detect lateral movement
    — Detect activities used to maintain presence

  • Evolving Attack Surface

    — Decoys to address all attack surfaces
    — User Network
    — Data Center
    — Cloud (AWS, Azure, Google, OpenStack)
    — Specialized: IoT, ICS, POS, SWIFT, Router

  • Man-in-the-Middle Attacks

    — Early detection of MitM attacks
    — Attack replay to better understand movement

  • Data & DecoyDoc Deceptions

    — Data deceptions to misdirect attack
    — DecoyDocs for counterintelligence on attacker intent
    — Geolocation tracking of opened documents

  • Compliance, Breach Investigation, M&A Visibility

    — Demonstrate in-network detection
    — Forensics to demonstrate resolution
    — Trust but verify M&A visibility
    — Blue Team’s choice control during Pen Testing

  • Skills Shortage & Ability to Respond to Incidents

    — High-fidelity alerts are actionable
    — Basic and advanced user interface
    — Easy to deploy and operate
    — Automations for attack analysis and incident response

BOTsink PRODUCT OFFERINGS

Solutions are available as a virtual machine, appliance, or service.

BOTsink 3200

  • Midmarket & User Network Deception

Designed for smaller networks and the mid-market, this solution provides quick and easy network deception.

BOTsink 5100

  • Enterprise-class Network Deception

Designed for enterprise and telecommunications networks, this solution provides scalable network deception for large and global organizations.

Deployment Options

BOTsink for Cloud

For Private, Public, Hybrid Clouds
Easily deploy the BOTsink in AWS, Azure, Google, OpenStack and other cloud environments.

BOTsink for Data Centers

For In-House, Hosted, and Microsegmented Data Centers
Deploy BOTsink decoy deception to quickly detect lateral movement within your data centers.

BOTsink for User Networks

For Wired and Wireless User Networks
Add BOTsink decoy deception to user networks with configurations for Windows, Linux, Mac.

BOTsink for IoT

For a Variety of IoT Devices
Customize your BOTsink to appear as medical IoT devices, printers, video cameras, or other IoT devices.

BOTsink for ICS-SCADA

For Industrial Control
Customize your BOTsink to appear as HMI and supervisory control servers within industrial control environments.

BOTsink for Infrastructure

For Networked Devices
Customize your BOTsink to appear as routers within your user networks and data centers.

ThreatDirect – VM

Extend Network Deception
Extends network threat deception to remote and branch offices, the cloud, and for distributed and micro-segmented networks without the need for a local appliance.

Attivo Central Manager (ACM)

Central Intelligence & Management
Manages and centralizes threat intelligence and configurations of geographically distributed physical, virtual, and cloud deployments.

BOTsink DECEPTIONS

Deception Authenticity to Match Production Environments.

Server Decoy

Windows, Linux

Endpoint Decoy

Windows, Linux, Mac

Specialized Decoy

IOT, ICS, POS…

Application

SWIFT, Web, 25+Services

Data

Data, Database, DecoyDocs

Active Directory

Directory Services

Active Defense Partners

Native integrations for improved workflow management, information sharing, and simplified incident response with automated blocking, quarantine, and threat hunting.

Investigation / Analysis & Hunting
Contain / Network Blocking
Contain / Endpoint quarantine
Distribution
Ticketing
Cloud Monitoring
Traffic Redirection

“Deception is the first technology I’ve seen in over a decade that truly has the potential to turn the table on the attacker.”

Assistant CISO, Top 5 Retail Company