Deception-Based Threat Detection and Continuous Response Platform
Traditional prevention-based security solutions are no longer seen as a reliable line of defense against today’s cyber attackers. Attackers are getting more sophisticated and breaches are continuing to happen at unprecedented rates. Organizations need to take a new approach to security controls: one that is able to detect threats that have bypassed perimeter and antivirus defenses and can efficiently detect the in-network lateral movement and credential theft of attackers.
The Attivo ThreatDefend Deception and Response Platform has created a new class of deception-based threat detection that ups the game against attackers. The ThreatDefend platform is recognized for its comprehensive network and endpoint-based deception, which turns user networks, data centers, cloud, remote offices, and even specialty environments such as IoT, ICS-SCADA, point-of-sale, telecom, and network infrastructure systems into traps and a “hall of mirrors” environment that will confuse and misdirect attackers and reveal their presence. The solution is designed for continuous threat management, which starts with deception-based detection of in-network threats and adds in automated attack analysis, forensic reporting, and third-party integrations (firewall, NAC, endpoint, SIEM) to accelerate incident response (block, quarantine, threat hunt). Visibility tools empower organizations to proactively strengthen overall security defenses by showing exposed attack paths and attacker movement in a time-lapsed replay.
The Attivo Deception and Response Platform comprises Attivo BOTsink engagement servers, decoys, deceptions, the Multi-Correlation Detection Engine (MCDE), the ThreatStrike end-point deception suite, the Attivo Central Manager (ACM), ThreatPath, and ThreatOps. Together, the product suite creates a comprehensive early detection and continuous threat management defense against today’s advanced threat actors.