Introduction to ThreatDefend Deception Technology Animated Video

Threat Deception Technology for an Active Defense

Detection that scales with your business needs.

The ThreatDefend Deception Platform is a modular solution comprised of Attivo BOTsink® engagement servers, decoys, and deceptions, the ThreatStrike™ endpoint deception suite, ThreatPath™ for attack path visibility, ThreatOps™ incident response orchestration playbooks, and the Attivo Central Manager (ACM), which together create a comprehensive early detection and active defense against cyber threats.

ThreatDefend™ Deception & Response Platform

Network Deception

DECOYS

BOTsink
Cloud, VM, Appliance

Endpoint Deception

CREDENTIALS

ThreatStrike
Agentless License

INCLUDED
  • Substantiated Alerts
  • Automated Attack Analysis & Replay
  • Forensic Reporting
  • Integrations for Auto-Response

Deception Plus

Deceptions
  • Ransomware Bait
  • Application Deception
  • Data Deception
  • DecoyDocs

Visibility
  • Attack Path Discovery: ThreatPath
  • Network Visibility

Incident Response
  • C2 Engagement
  • Malware Analysis
  • Repeatable Playbooks: ThreatOps

Operations
  • Central Manager
  • Deception Test Tools

THINK DECEPTION IS DIFFICULT? THINK AGAIN.

Whether your organization is big or small, creating and maintaining Attivo Networks Threat Deception is as easy as 1, 2, 3.

EASY TO GENERATE

Deception campaigns are automatically proposed based on self-learning of the environment.
No hassle authenticity

EASY TO DEPLOY

Out-of-band and agentless technology make deployment simple and highly scalable.
Machine-learning Installs

EASY TO OPERATE

Actionable alerts, automation, and native integrations empower fast response to alerts.
No extra staff needed

Why Customers Choose Threat Deception

  • Early Warning System
  • Actionable Alerts
  • Easy to Deploy
  • Low Maintenance
  • Strengthens Defenses

Deception Technology in the Security Stack

Close the detection gap and reduce dwell time by detecting in-network threats that other security controls miss.

Better Detection Against Better Attackers

Threat deception for the most comprehensive, accurate, and efficient attack detection.

VS

  • Firewall / IDS / Proxy / AV
  • Network Anomaly Detection
  • UEBA
  • SIEM
  • Hunt Teams

Detect Known & Unknown Attacks

Not reliant on signatures or pattern matching, the Attivo ThreatDefend solution accurately detects in-network reconnaissance, credential theft, Man-in-the-Middle attacks, and lateral movement of threats that other security controls miss.

Early & Accurate Detection

Threat deception provides early detection of external, insider, and 3rd party attacks. Achieve real-time threat detection of reconnaissance and credential theft activities as attackers are deceived into engaging with decoys, deception lures, and bait designed to entice hackers into revealing themselves.

No Alert Fatigue from False Positives

High-fidelity alerts are raised based upon attacker decoy engagement or deception credential reuse. Each alert is substantiated with rich threat intelligence and is actionable, removing false positive and noisy alerts that distract from the prompt incident response of real threats.

Not Resource Intensive

Easy to deploy and operate, the Attivo solution is designed to be low maintenance. Deployment is in hours and doesn’t require highly skilled employees or in-depth resources for ongoing operations. Machine learning, automated analysis, and incident response empower quick remediation.

Camouflage

Realistic deception is key to deceiving attackers into engaging. Dynamic deception provides authenticity and deception campaigns for self-learning deployment and refresh.

Authenticity

  • Customized using real OS and services to match production assets
  • Credential validation with Active Directory
  • High-interaction engagement

Machine-Learning

  • Self-learning of the environment generates deception campaigns
  • Campaigns can be deployed on demand for environment refresh
  • Allows automated refresh to spin up deception or avoid fingerprinting

Easy Operations

  • Simplify deployment with automated campaign proposals
  • Easy operations with automated refresh
  • Choice of on demand or automated campaign deployment

Features

ThreatDefend is a comprehensive, scalable detection platform designed for the early detection of external threat actors and insiders (employees, suppliers, contractors) and for accelerating incident response.

In-Network Threat Detection

Early endpoint, network, application, and data post-compromise threat detection.

Attack Surface Scalability

Deception for an evolving attack surface: data centers, cloud, user networks, remote offices, specialty networks.

Easy Deployment & Operations

Flexible deployment options and machine-learning for ongoing campaign authenticity and refresh.

Substantiated Alerts & Forensics

Actionable alerts from attacker engagement or credential reuse. Full forensics for actionable response.

Attack Analysis

Automated attack analysis and correlation improves time-to-remediation.

Threat Intelligence

High interaction attacker engagement and DecoyDocs produce threat, adversary, and counterintelligence.

Accelerated Incident Response

Extensive 3rd party automations accelerate incident response to block, isolate, and threat hunt.

Attack Path Vulnerability Assessment

Understand attack path vulnerabilities based on exposed credentials and misconfigurations.

Visibility & Attack Maps

Topographical maps for network visualization and time-lapsed attack replay.

Detect. Any Type of Attack. Across Any Type of Network.

Reconnaissance

Detect scans & engagement

Stolen Credentials

Catch credential harvesting & reuse

Man-In-The-Middle

See network-based credential theft

Ransomware

Delay malware with deception

Active Directory

Integrate deception objects in AD

Value of Deception During Attack Phases

Reduce attacker dwell time through early detection of threats and their movement.

Initial Compromise
DECEPTION DETECTS:
  • Social engineering
  • External compromise

Establish Foothold
DECEPTION DETECTS:
  • Custom malware
  • C2
  • App exploitation

Escalate Privileges
DECEPTION DETECTS:
  • Credential theft
  • Password cracking
  • “Pass-the-hash”

Internal Recon
DECEPTION DETECTS:
  • Critical system recon
  • System, AD & user enumeration

Move Laterally
DECEPTION DETECTS:
  • Net use commands
  • Reverse shell access

Maintain Presence
DECEPTION DETECTS:
  • Backdoor variants
  • VPN subversion
  • Sleeper malware

Complete Mission
DECEPTION DETECTS:
  • Staging servers
  • Data consolidation
  • Data theft

ThreatDefend Platform Benefits

Reduce Attacker Dwell Time & Mean Time to Remediation.

Reduction of Attack Detection Time

  • Endpoint & Network Threat Deception

Reduce attacker dwell time with accurate post-compromise threat detection. Detect reconnaissance, lateral movement, and credential theft early.

Identify & Understand the Methods & Intent of Hackers

  • Analysis & Forensics

Engage attackers within a safe sandbox to gain threat intelligence and for forensic reporting. Learn which systems are infected and detect polymorphic activity.

Improve Incident Response with Actionable Alerts

  • Substantiated by Attacker Engagement

High-fidelity alerts accelerate incident response with rich threat intelligence and forensic reporting, reducing overall time to remediation.

Defend Your Network with Accelerated Response

  • Reduce Mean Time to Remediation

Incident response is expedited and simplified with 3rd party integrations that share threat intelligence and automate blocking, quarantining, and threat hunting.

DECEPTION FOR DETECTION & AN ACTIVE DEFENSE

Detection

In a world of ever-changing attack methods and an evolving attack surface, attackers can and will find ways to bypass perimeter defenses. The Attivo ThreatDefend platform is designed to detect these threats early in the attack cycle by attracting the attacker away from production assets with decoys, lures, and other deception bait. Comprehensive network and endpoint threat deceptions work hand in hand to derail attacks and catch reconnaissance, lateral movement, and credential theft activities early in the attack cycle.

Active Defense

The military has embraced deception as part of an active defense for decades. Early detection is an important part of the equation; however, to outmaneuver attackers, an organization must also be able to understand the adversary and apply countermeasures to deter and stop attacks. The ThreatDefend Platform brings not only the ability to detect an attack early, but also an environment to extract threat intelligence from attacker engagement in order to reduce time to remediation and to fortify defenses.

“Designed for the most sophisticated human and automated attackers, the Attivo Networks Deception Technology is proven at global scale by Fortune 500 customers to accurately and efficiently detect threats.”

Laura Dyrda Becker, Health IT & CIO Review