Whether it is an attacker scanning the network through open ports on endpoints to find hosts to engage with and/or services or applications to compromise or it is an attacker looking to exfiltrate employee credentials or data, Attivo has a high efficacy attack detection solution to lure and engage these attackers.
Attivo’s patented detection technology uses deception to lure attackers into revealing themselves as soon as they attack your network. With the Attivo Deception Platform, you will be alerted in real-time if your user network, data center, cloud, ICS-SCADA or IoT network is infected. The Attivo BOTsink Solution is based on high interaction deception technology that creates a distributed decoy system to lure in the BOTs and APTs of attackers. This solution works with the Attivo End-Point Deception Suite to make the entire network a trap to detect attackers.
Once an attacker is engaged, the threat is analyzed to identifying the attack type, activities, and which device is infected. A substantiated alert is then raised and attack information provided to automatically block and quarantine the attacker.
To better understand the intent of the attacker to analyze polymorphic and time trigger attacks, a port can also be opened to connect to the hacker’s command and control (C&C) to collect additional information.
The Attivo BOTsink Solution stands guard inside your network, using high-interaction deception and decoy technology to lure attackers into engaging and revealing themselves. Through misdirection of an attacker, organizations gain the advantage of time to detect, analyze, and stop an attacker.
The BOTsink multi-dimensional correlation engine (MDCE) analyzes attacker activities and provides the actionable intelligence needed to quickly and effectively shut down inside the network threats. The MDCE will learn from any system/kernel changes, process creation, process injection, registry and network activity to accelerate identification and forensic analysis. Attack analysis will include:
The BOTsink Analyze, Monitor and Record (AMR) Engine provides detailed attack information on the different varieties of intrusions including their tactics, techniques, and procedures (TTP). The administrator can monitor these intrusions and use the information gathered to update the security of the production network.
Attivo provides a centralized threat intelligence dashboard with every BOTsink Solution. The Attivo Central Manager (ACM) is available for organizations seeking to centrally manage multiple locations or environments and to aggregate threat reporting. The ACM includes:
The Attivo BOTsink solutions include:
The Attivo BOTsink Solution comes pre-configured, with the ability to host multiple VMs and servers. In just five simple steps, you can be up and running with the peace of mind you have the coverage you need to protect your network from attacks targeting your high-value assets.
Complete customization of operating systems, services, and applications can by configured for organizations seeking to increase the authenticity by matching their IT environment.
![Screen Shot 2016-05-19 at 1.56.06 PMMay 19, 2016[2]](https://threatstrike-65hmjzo0liillwsqi.netdna-ssl.com/wp-content/uploads/2015/07/Screen-Shot-2016-05-19-at-1.56.06-PMMay-19-20162-538x330.png?x74842 "Screen Shot 2016-05-19 at 1.56.06 PMMay 19, 2016[2]")
Attivo deception and decoy solutions are an effective, efficient, and scalable way to catch inside the network threats that have bypassed prevention systems.
Attivo is the leader in deception for inside the network threat detection and analysis with comprehensive solutions for the networks, data centers, cloud infrastructure, SCADA, and IoT environments.