Attivo ThreatDefend Deception and Response Platform

• Decoys appear identical to production assets, luring attackers into revealing themselves.
• Decoy configurations run real Linux, Mac, and Windows OS and are customizable to match the “golden image” of the production environment.
• Deception lures (bait) redirect attackers trying to infect endpoints, servers/VMs to engagement servers for detection.
• Bait includes deception credentials, ransomware bait, and other deception lures.

Discover, assign, and refresh decoys, credentials, and attacker bait dynamically with automated, self-learning deception campaigns.

• Intelligent deployment of deceptive assets to match the behavior of a user’s network.
• Continuously monitor, evolve, refresh, deceptive credential and lures.
• Self-healing technology dynamically respins decoys after engagement, preventing attacker fingerprinting and identification.

Attivo Adaptive Deception Campaigns provide breakthrough scalability, which is critical for large network deployment and for instantly resetting the attack surface to stop an attacker from successfully completing a breach.

• Automatically deploy deception campaigns created from environmental learnings
• On-demand resetting of deception synthetic network including decoys, lures, and credentials
• Create uncertainty for the attacker, escalate the chances of them making a mistake, and increase their costs as they are forced to restart or abandon their attack

Prevent attackers from exfiltrating valuable company information and credentials and stop them before any damage can be done.

• Attack detection is provided real-time by accurately identifying infected clients, including sleeper and time-triggered agents, enabling remediation of the attack before damage can be done.
• No false positives. Alerts only occur when a hacker is engaged, and an attack on the BOTsink Solution has occurred.

After the attacker has engaged with the Attivo deception platform, they can either be automatically or manually quarantined and studied for detailed forensics. After quarantining the malware, the Attivo BOTsink allows the attack to fully detonate inside the controlled system, generating a full scale forensic analysis that can be exported into popular formats. The Attivo analysis engine will analyze: 

• The techniques and methods of the attack
• Where the attacker is and which systems are infected
• Which systems will be infected next and how to quarantine the spread of the attack

The forensic ability of the Attivo deception platform allows for unparalleled visibility into any attack on your network.  

The Attivo BOTsink Solution provides accurate, actionable alerts, with the intelligence you need to take immediate action and stop BOTs and APTs in your network.

• There are NO legitimate reasons for a user to communicate with the Attivo BOTsink Solution, so any scans or attempts to engage it represent an attacker trying to find and target high-value network assets.
• If the BOTsink Solution doesn’t see anything, you can rest assured your assets are safe, and you have the coverage you need to identify a BOT or APT, as soon as it enters your network.
• The longer a BOT or APT engages the Attivo BOTsink Solution, the more data it collects and analyzes to support remediation and forensics.
• With the BOTsink Solution, you can quickly and efficiently strengthen your overall security and shut down BOTs and APTs to protect your IP and brand.

• Captures and Analyzes Actionable Information—identifies the infected systems and collects and analyzes information on the time, type and anatomy of the attack.
• Provides Forensics—capturing and cataloging all attack activity to support understanding of the attack’s anatomy and objectives that can lead to a better overall security stance.
• Reporting and Seamless Eco-System Integration—Security professionals have the option to access detailed attack information through UI, PCAP files, Syslog, IOC, and CSV report formats or can automatically set configurations to block and quarantine through prevention system integrations.