
Attivo ThreatDefend Deception and Response Platform

Deception-Based Threat Detection and Continuous Response Platform

Traditional prevention-based security solutions are no longer seen as a reliable line of defense against today’s cyber attackers. Attackers are getting more sophisticated, and breaches continue to happen at unprecedented rates. Organizations need a new approach to security controls: one that detects threats that have already bypassed perimeter and antivirus defenses and efficiently identifies attackers’ in-network lateral movement and credential theft.

The Attivo ThreatDefend Deception and Response Platform has created a new class of deception-based threat detection that ups the game against attackers. The ThreatDefend platform is recognized for its comprehensive network- and endpoint-based deception, which turns user networks, data centers, cloud, remote offices, and even specialty environments such as IoT, ICS-SCADA, point-of-sale, telecom, and network infrastructure systems into traps and a “hall of mirrors” environment that confuses, misdirects, and reveals the presence of attackers. The solution is designed for continuous threat management, which starts with deception-based detection of in-network threats and adds automated attack analysis, forensic reporting, and third-party integrations (firewall, NAC, endpoint, SIEM) to accelerate incident response (block, quarantine, threat hunt). Visibility tools empower organizations to proactively strengthen overall security defenses by showing exposed attack paths and attacker movement in a time-lapsed replay.

The Attivo Deception and Response Platform comprises Attivo BOTsink engagement servers, decoys, deceptions, the Multi-Correlation Detection Engine (MCDE), the ThreatStrike end-point deception suite, the Attivo Central Manager (ACM), ThreatPath, and ThreatOps. Together, the product suite creates a comprehensive early detection and continuous threat management defense against today’s advanced threat actors.

Deception-Based Threat Detection

Deception Authenticity and Campaigns

Camouflage for Dynamic Behavioral Deception

Discover, assign, and refresh decoys, credentials, and attacker bait dynamically with automated, self-learning deception campaigns.

  • Intelligent deployment of deceptive assets to match the behavior of a user’s network.
  • Continuously monitor, evolve, and refresh deceptive credentials and lures.
  • Self-healing technology dynamically respins decoys after engagement, preventing attacker fingerprinting and identification.

Automated Deception Campaign Deployment

Adaptive Deception for Scalability and Auto-reset of Deception

Attivo Adaptive Deception Campaigns provide breakthrough scalability, which is critical for large network deployment and for instantly resetting the attack surface to stop an attacker from successfully completing a breach.

  • Automatically deploy deception campaigns created from environmental learnings
  • On-demand resetting of the synthetic deception network, including decoys, lures, and credentials
  • Create uncertainty for the attacker, escalate the chances of them making a mistake, and increase their costs as they are forced to restart or abandon their attack

Reduction of Attack Detection Time

Prevent Data Exfiltration

Prevent attackers from exfiltrating valuable company information and credentials and stop them before any damage can be done.

  • Attack detection is provided in real time by accurately identifying infected clients, including sleeper and time-triggered agents, enabling remediation of the attack before damage can be done.
  • No false positives. Alerts occur only when an attacker engages a decoy, that is, when an attack on the BOTsink Solution has actually occurred.

Identify and Understand the Methods and Intent of Hackers

Analysis and Forensics

After an attacker has engaged with the Attivo deception platform, they can be quarantined automatically or manually and studied for detailed forensics. After quarantining the malware, the Attivo BOTsink allows the attack to fully detonate inside the controlled system, generating a full-scale forensic analysis that can be exported in popular formats. The Attivo analysis engine analyzes:

  • The techniques and methods of the attack
  • Where the attacker is and which systems are infected
  • Which systems will be infected next and how to quarantine the spread of the attack

The forensic capability of the Attivo deception platform provides unparalleled visibility into any attack on your network.

Improve Incident Response with Actionable Alerts

Substantiated Alerts Based on Attacker Engagement: No False Positives

The Attivo BOTsink Solution provides accurate, actionable alerts, with the intelligence you need to take immediate action and stop BOTs and APTs in your network.

  • There are NO legitimate reasons for a user to communicate with the Attivo BOTsink Solution, so, once authorized vulnerability scanners and inventory tools have been excluded, any scan or attempt to engage it represents an attacker trying to find and target high-value network assets.
  • If the BOTsink Solution sees no engagement, no attacker has yet touched the decoy layer, and the decoys remain in place to identify a BOT or APT as soon as it begins moving through your network.
  • The longer a BOT or APT engages the Attivo BOTsink Solution, the more data it collects and analyzes to support remediation and forensics.
  • With the BOTsink Solution, you can quickly and efficiently strengthen your overall security and shut down BOTs and APTs to protect your IP and brand.
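The two detection principles above (no legitimate host should touch a decoy, and a planted credential should never be used anywhere) reduce to a small amount of logic. The following is an added illustration written for this page, not Attivo code; the decoy addresses, honey usernames, scanner allow-list, and the flow and authentication record layouts are all assumed, and the sample records are constructed. It also shows the one exclusion a practitioner needs: authorized scanners do touch decoys and must be allow-listed, or they become the false positives the page says deception avoids.

```python
"""Decoy-engagement alerting over constructed sample logs.

Added illustration only, not Attivo code. Everything here is assumed for
the example: the decoy addresses, the honey usernames, the allow-list of
authorised scanners, and the two record layouts:
  flow: "<timestamp> <src_ip> <dst_ip> <dst_port>"
  auth: "<timestamp> <username> <src_ip> <success|failure>"
"""
from collections import defaultdict
from dataclasses import dataclass

# Decoy systems (assumed): no production workflow should ever connect to them.
DECOY_HOSTS = {"10.0.9.200", "10.0.9.201", "10.0.9.202"}
# Honey credentials (assumed) planted on endpoints; they are valid nowhere,
# so any attempt to use them means they were stolen from an endpoint.
DECOY_USERS = {"svc_backup_legacy", "sqladmin_old"}
# The one class of "legitimate" decoy traffic: authorised vulnerability
# scanners. They must be excluded explicitly or they will raise alerts.
AUTHORISED_SCANNERS = {"10.0.1.10"}


@dataclass(frozen=True)
class Alert:
    kind: str        # "decoy_engagement" or "decoy_credential_use"
    source: str      # the likely compromised client
    targets: tuple   # decoy hosts touched, or the honey username used
    first_seen: str


def parse_flow(line):
    ts, src, dst, port = line.split()
    return ts, src, dst, int(port)


def parse_auth(line):
    ts, user, src, result = line.split()
    return ts, user, src, result


def analyze(flow_lines, auth_lines):
    """Return one alert per source that engaged a decoy or used a honey credential."""
    touched = defaultdict(dict)  # src -> {decoy_host: first_seen}
    for line in flow_lines:
        ts, src, dst, _port = parse_flow(line)
        if dst in DECOY_HOSTS and src not in AUTHORISED_SCANNERS:
            touched[src].setdefault(dst, ts)

    alerts = []
    for src, hosts in touched.items():
        alerts.append(Alert("decoy_engagement", src, tuple(sorted(hosts)), min(hosts.values())))

    for line in auth_lines:
        ts, user, src, _result = parse_auth(line)
        # Success or failure is irrelevant: the credential exists only as bait.
        if user in DECOY_USERS:
            alerts.append(Alert("decoy_credential_use", src, (user,), ts))
    return sorted(alerts, key=lambda a: (a.first_seen, a.kind))


def to_syslog(alert):
    """Render an alert as a key=value line for SIEM or firewall automation (assumed format)."""
    return (f"decoy-example kind={alert.kind} src={alert.source} "
            f"targets={','.join(alert.targets)} first_seen={alert.first_seen}")


# Constructed sample records, not real traffic.
SAMPLE_FLOWS = [
    "2024-05-01T10:00:01Z 10.0.5.23 10.0.9.200 445",   # one client sweeps the decoys
    "2024-05-01T10:00:02Z 10.0.5.23 10.0.9.201 445",
    "2024-05-01T10:00:02Z 10.0.5.23 10.0.9.202 22",
    "2024-05-01T10:00:03Z 10.0.1.10 10.0.9.200 445",   # authorised scanner, suppressed
    "2024-05-01T10:00:05Z 10.0.5.40 10.0.3.15 443",    # production traffic, ignored
]
SAMPLE_AUTH = [
    "2024-05-01T10:01:00Z svc_backup_legacy 10.0.5.23 failure",  # honey credential replayed
    "2024-05-01T10:01:10Z alice 10.0.5.40 success",
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_FLOWS, SAMPLE_AUTH):
        print(to_syslog(alert))
```

Running it yields two alerts, both pointing at 10.0.5.23: one for sweeping three decoy hosts and one for replaying a honey credential, while the allow-listed scanner and ordinary production traffic produce nothing. Whether the honey credential attempt succeeded is deliberately ignored, since the credential's only purpose is to reveal who stole it.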

Defend Your Network

Reporting and Automations to Block Attacks and Quarantine Devices

  • Captures and Analyzes Actionable Information—identifies the infected systems and collects and analyzes information on the time, type and anatomy of the attack.
  • Provides Forensics—capturing and cataloging all attack activity to support understanding of the attack’s anatomy and objectives that can lead to a better overall security stance.
  • Reporting and Seamless Ecosystem Integration—Security professionals have the option to access detailed attack information through the UI, PCAP files, Syslog, IOC, and CSV report formats, or can configure automatic blocking and quarantine through prevention-system integrations.