
Attivo Portfolio

Deception-Based Threat Detection and Continuous Response Platform

Traditional security solutions alone are no longer seen as a reliable line of defense against cyber-attacks.  Breaches are continuing to happen at unprecedented rates.

The Attivo Deception and Response Platform has created a new class of deception-based threat detection that ups the game against attackers. The Attivo platform is recognized for its comprehensive network and endpoint-based deception, which turns user networks, data centers, cloud, remote offices, and even specialty environments such as IoT, ICS-SCADA, and point-of-sale systems into traps and a “hall of mirrors” environment that will confuse, misdirect, and reveal the presence of attackers. The solution is designed for continuous threat management, which starts with deception-based detection of in-network threats and adds automated attack analysis, forensic reporting, and third-party integrations (firewall, NAC, endpoint, SIEM) to accelerate incident response (block, quarantine, threat hunt). Visibility tools empower organizations to proactively strengthen overall security defenses by showing exposed attack paths and attacker movement in time-lapsed replay.

The Attivo Deception and Response Platform comprises Attivo BOTsink engagement servers, decoys, and deceptions, the Multi-Correlation Detection Engine (MCDE), the ThreatStrike end-point deception suite, the Attivo Central Manager (ACM), ThreatPath, and ThreatOps, which together create a comprehensive early detection and continuous threat management defense against today’s advanced threat actors.

Deception-Based Threat Detection

Deception Authenticity

Camouflage for Dynamic Behavioral Deception

Discover, assign, and refresh credentials and attacker bait dynamically with automated, self-learning deception technology.

  • Intelligent deployment of deceptive assets to match the behavior of a user’s network.
  • Continuously monitor, evolve, and refresh deceptive credentials and lures.
  • Self-healing technology dynamically respins decoys after engagement, preventing attacker fingerprinting and identification.

Reduction of Attack Detection Time

Prevent Data Exfiltration

Prevent attackers from exfiltrating valuable company information and credentials and stop them before any damage can be done.

  • Attack detection is provided in real time by accurately identifying infected clients, including sleeper and time-triggered agents, enabling remediation of the attack before damage can be done.
  • No false positives. Alerts occur only when a hacker is engaged and an attack on the BOTsink Solution has occurred.

Identify and Understand the Methods and Intent of Hackers

Analysis and Forensics

After the attacker has engaged with the Attivo deception platform, they can be quarantined either automatically or manually and studied for detailed forensics. After quarantining the malware, the Attivo BOTsink allows the attack to fully detonate inside the controlled system, generating a full-scale forensic analysis that can be exported into popular formats. The Attivo analysis engine will analyze:

  • The techniques and methods of the attack
  • Where the attacker is and which systems are infected
  • Which systems will be infected next and how to quarantine the spread of the attack

The forensic ability of the Attivo deception platform allows for unparalleled visibility into any attack on your network.  


Improve Incident Response with Actionable Alerts

Substantiated Alerts Based on Attacker Engagement: No False Positives

The Attivo BOTsink Solution provides accurate, actionable alerts, with the intelligence you need to take immediate action and stop BOTs and APTs in your network.

  • There are NO legitimate reasons for a user to communicate with the Attivo BOTsink Solution, so any scans or attempts to engage it represent an attacker trying to find and target high-value network assets.
  • If the BOTsink Solution doesn’t see anything, you can rest assured your assets are safe, and you have the coverage you need to identify a BOT or APT, as soon as it enters your network.
  • The longer a BOT or APT engages the Attivo BOTsink Solution, the more data it collects and analyzes to support remediation and forensics.
  • With the BOTsink Solution, you can quickly and efficiently strengthen your overall security and shut down BOTs and APTs to protect your IP and brand.

Defend Your Network

Reporting and Automations to Block Attacks and Quarantine Devices

  • Captures and Analyzes Actionable Information—identifies the infected systems and collects and analyzes information on the time, type and anatomy of the attack.
  • Provides Forensics—capturing and cataloging all attack activity to support understanding of the attack’s anatomy and objectives that can lead to a better overall security stance.
  • Reporting and Seamless Eco-System Integration—Security professionals have the option to access detailed attack information through UI, PCAP files, Syslog, IOC, and CSV report formats or can automatically set configurations to block and quarantine through prevention system integrations.