Deception for Real-Time Inside The Network Threat Detection
Attackers and their automation tools rely on the responses they receive throughout the attack process to progress their attacks. Whether an attacker is scanning the network through open ports on endpoints to find hosts to engage with or services and applications to compromise, or is looking to exfiltrate employee credentials or data, Attivo has a high-efficacy attack detection solution to lure and engage these attackers.
How Inside the Network Threat Detection Works
Attivo’s patented detection technology uses deception to lure attackers into revealing themselves as soon as they attack your network. With the Attivo Deception Platform, you will be alerted in real time if your user network, data center, cloud, ICS-SCADA or IoT network is infected. The Attivo BOTsink Solution is based on high-interaction deception technology that creates a distributed decoy system to lure in the BOTs and APTs of attackers. This solution works with the Attivo End-point Deception Suite to make the entire network a trap to detect attackers.
Once an attacker is engaged, the threat is analyzed to identify the attack type, its activities, and which device is infected. A substantiated alert is then raised, and attack information is provided to automatically block and quarantine the attacker.
To better understand the attacker’s intent and to analyze polymorphic and time-triggered attacks, a port can also be opened to connect to the hacker’s command and control (C&C) to collect additional information.