ThreatMatrix Platform

ThreatMatrix: Deception-Based Threat Detection and Continuous Response Platform

9 out of 10 companies report that they have been breached in the last three years, with 59% stating that at least one of these attacks resulted in physical damage.

Prevention-based security solutions alone are no longer seen as a reliable line of defense against cyber attacks. With a growing number of cyber attacks, organizations are aggressively adopting deception detection technologies to provide real-time alerts of threats, improve incident response, and mitigate the risks associated with data and employee credential exfiltration.

The Attivo ThreatMatrix Platform, designed for high-interaction deception, provides a distributed deception and decoy solution that deceives, detects, and defends against BOT, Advanced Persistent Threat (APT), stolen credential, and ransomware attacks.

The ThreatMatrix Platform comprises Attivo BOTsink decoys and deceptions, the Multi-Correlation Detection Engine (MCDE), the ThreatStrike end-point deception suite, and the Attivo Central Manager (ACM), which together create a comprehensive early detection and continuous threat management defense against cyber threats.

Deception-Based Threat Detection

Deception Authenticity

Camouflage for Dynamic Behavioral Deception

Discover, assign, and refresh credentials and attacker bait dynamically with automated, self-learning deception technology.

  • Intelligent deployment of deceptive assets to match the behavior of a user’s network.
  • Continuously monitor, evolve, and refresh deceptive credentials and lures.
  • Self-healing technology dynamically respins decoys after engagement, preventing attacker fingerprinting and identification.

Reduction of Attack Detection Time

Prevent Data Exfiltration

Prevent attackers from exfiltrating valuable company information and credentials and stop them before any damage can be done.

  • Attack detection is provided in real time by accurately identifying infected clients, including sleeper and time-triggered agents, enabling remediation of the attack before damage can be done.
  • No false positives. Alerts occur only when a hacker is engaged and an attack on the BOTsink Solution has occurred.

Identify and Understand the Methods and Intent of Hackers

Analysis and Forensics

After the attacker has engaged with the Attivo deception platform, they can be quarantined either automatically or manually and studied for detailed forensics. After quarantining the malware, the Attivo BOTsink allows the attack to fully detonate inside the controlled system, generating a full-scale forensic analysis that can be exported into popular formats. The Attivo analysis engine will analyze:

  • The techniques and methods of the attack
  • Where the attacker is and which systems are infected
  • Which systems will be infected next and how to quarantine the spread of the attack

The forensic ability of the Attivo deception platform allows for unparalleled visibility into any attack on your network.


Improve Incident Response with Actionable Alerts

Substantiated Alerts Based on Attacker Engagement: No False Positives

The Attivo BOTsink Solution provides accurate, actionable alerts, with the intelligence you need to take immediate action and stop BOTs and APTs in your network.

  • There are NO legitimate reasons for a user to communicate with the Attivo BOTsink Solution, so any scans or attempts to engage it represent an attacker trying to find and target high-value network assets.
  • If the BOTsink Solution doesn’t see anything, you can rest assured your assets are safe, and you have the coverage you need to identify a BOT or APT as soon as it enters your network.
  • The longer a BOT or APT engages the Attivo BOTsink Solution, the more data it collects and analyzes to support remediation and forensics.
  • With the BOTsink Solution, you can quickly and efficiently strengthen your overall security and shut down BOTs and APTs to protect your IP and brand.

Defend Your Network

Reporting and Automations to Block Attacks and Quarantine Devices

  • Captures and Analyzes Actionable Information—identifies the infected systems and collects and analyzes information on the time, type and anatomy of the attack.
  • Provides Forensics—captures and catalogs all attack activity to support understanding of the attack’s anatomy and objectives, which can lead to a better overall security stance.
  • Reporting and Seamless Eco-System Integration—security professionals have the option to access detailed attack information through the UI, PCAP files, Syslog, IOC, and CSV report formats, or can automatically set configurations to block and quarantine through prevention system integrations.