SC Media ThreatDefend® Platform v5.0 Review

ThreatDefend® Platform

The ThreatDefend® platform provides comprehensive prevention and detection technology to deny, detect and derail attackers across a wide variety of attack surfaces. The modular design provides flexibility to add detection coverage for active directory, endpoint, network, and cloud.

BOTsink (Asset Defense)

Network-based post-compromise detection and engagement to misdirect attackers and collect adversary intelligence.

EDN (Endpoint Defense)

Endpoint protection suite to restrict discovery, lateral movement, and privilege escalation.

ADSecure (Active Directory Protection)

A standalone solution that conceals real objects and returns fake information when attackers query AD.

Awards for The Best Threat Detection and Response Technology

SC 2020 Awards
Info Security Products Guide 2020 Gold
Astors award platinum 2019

Benefits of the ThreatDefend® Solution

Organizations choose Attivo Networks for:

Controlled Access Management

  • Prevent attackers from stealing credentials, escalating privileges, or finding the sensitive or critical data they seek.

Reduce Attack Detection Time

  • Reduce attacker dwell time with accurate post-compromise threat detection. Detect reconnaissance, lateral movement, and credential theft early.

Actionable Alerts Improve Incident Response

  • High-fidelity alerts accelerate incident response with rich threat intelligence and forensic reporting, reducing overall time to remediation.

Identify & Understand Attacker Methods & Intent

  • Engage attackers within a safe, sandboxed environment to gather threat intelligence and forensic reports. Learn which systems are infected and detect polymorphic activity.

Integrations Accelerate Incident Response

  • Expedite and simplify incident response with 3rd-party integrations that share threat intelligence and automate blocking, quarantining, and threat hunting.

Deception and Derailment in the Security Stack

Detect in-network attackers that have evaded existing controls.

Detect Any Type of Attack Across Any Type of Network

Discovery

Detect scans, queries, access attempts, and engagement

Credential Theft

Catch credential harvesting & reuse

Lateral Movement

Detect and redirect lateral movement attempts

Data Collection

Conceal sensitive data and deny attackers access to it

Active Directory

Conceal and deny access to privileged AD accounts and objects

ThreatDefend® Features

ThreatDefend® is a comprehensive, scalable detection platform designed for the early detection of external threat actors and insiders (employees, suppliers, contractors) and for accelerating incident response.

Attack Surface Scalability

Deploys on-premises, in the cloud, and at remote sites to protect user networks, data centers, cloud environments, and specialty networks

Attack path vulnerability assessment

Understand attack path vulnerabilities based on exposed credentials and misconfigurations.

Protect Credentials

Hide and restrict access to sensitive or privileged credentials at the endpoint and on Active Directory

In-Network Threat Detection

Early endpoint, network, application, data, and Active Directory post-compromise attack detection

Substantiated Alerts & Forensics

Actionable alerts from attacker engagement with any detection asset, with full forensic collection for evidence-backed response

Attack Analysis

Automated attack and malware analysis and correlation improves remediation times

Accelerated Incident Response

Extensive 3rd party integrations and repeatable playbooks accelerate incident response to block, isolate, threat hunt, and share data

Threat Intelligence

Graphical maps for network visualization and time-lapsed attack replay. Endpoint visibility into attack activity source processes

Easy deployment & Operations

Flexible deployment options, machine learning, and enterprise-wide central management

Deception and Concealment

Create deceptive assets at the network, in endpoints, and on Active Directory that detect attack activity and misdirect attackers. Conceal and deny access to sensitive data to prevent exploitation. Redirect attackers to decoys for engagement.

Deny

  • Hide local and AD privileged accounts and objects
  • Hide local files, folders, mapped network and cloud shares, and removable storage
  • Remediate stored credentials and misconfigurations to reduce the attack surface

Detect

  • Detect AD queries and attempts to access hidden data
  • Detect credential theft, reconnaissance, and lateral movement attempts
  • Provide endpoint and engagement-based forensics and visibility

Derail

  • Divert connection attempts to decoys for engagement
  • Breadcrumb attackers to the deception environment with fake credentials and AD data
  • Occupy attackers in the engagement environment to gather adversary intelligence
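The Detect and Derail points above rest on one mechanism: a breadcrumb credential has no legitimate user, so any authentication attempt with it is attacker activity by definition, and the source host and logon type of that attempt tell you which attack phase you are looking at. The script below is an added illustration of that logic, written for this page; it is not Attivo's code and does not reflect how the ThreatDefend platform is implemented. The decoy account names, host addresses and the log lines in SAMPLE_EVENTS are constructed; the Windows Security event IDs and logon-type numbers are the real ones.

```python
"""Turning breadcrumb (decoy) credentials into alerts.

Added example, not Attivo's code. Decoy account names, hosts and the
SAMPLE_EVENTS log lines are constructed; event IDs and logon types
follow Windows Security auditing.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Decoy accounts planted in endpoint credential stores and AD (hypothetical
# names). They are never used legitimately, so any use is an attacker signal.
DECOY_ACCOUNTS = {"svc_backup_adm", "sql_sa_legacy", "helpdesk_tier2"}

# Events that show a credential being *used*, not merely present on disk.
CREDENTIAL_USE_EVENTS = {
    4624: "successful logon",
    4625: "failed logon",
    4768: "Kerberos TGT request",
    4776: "NTLM authentication",
}

# Logon types that imply a connection from another host (Microsoft numbering).
LATERAL_LOGON_TYPES = {3: "network", 10: "remote interactive (RDP)"}


@dataclass
class Alert:
    account: str
    source: str
    targets: list = field(default_factory=list)
    events: list = field(default_factory=list)
    phase: str = "credential theft"


def parse_event(line: str) -> dict:
    """Parse one 'key=value key=value' event line into a dict."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    fields["EventID"] = int(fields["EventID"])
    fields["LogonType"] = int(fields.get("LogonType", 0))
    return fields


def detect(lines):
    """One Alert per (decoy account, source host) seen in credential-use events."""
    alerts = {}
    for line in lines:
        ev = parse_event(line)
        if ev["EventID"] not in CREDENTIAL_USE_EVENTS:
            continue
        account = ev["Account"].lower()
        if account not in DECOY_ACCOUNTS:
            continue  # a real account: not our signal, leave it to other controls
        key = (account, ev["Source"])
        alert = alerts.setdefault(key, Alert(account=account, source=ev["Source"]))
        alert.targets.append(ev["Target"])
        alert.events.append(CREDENTIAL_USE_EVENTS[ev["EventID"]])
        # A decoy credential used over the network is lateral movement, not just theft.
        if ev["LogonType"] in LATERAL_LOGON_TYPES:
            alert.phase = "lateral movement"
    return list(alerts.values())


def sources_spraying_decoys(alerts, min_accounts=2):
    """Sources that tried more than one decoy account: credential reuse / spraying."""
    per_source = defaultdict(set)
    for a in alerts:
        per_source[a.source].add(a.account)
    return sorted(s for s, accts in per_source.items() if len(accts) >= min_accounts)


# Constructed sample: one benign interactive logon, two decoy credentials tried
# over the network from the same workstation, one decoy TGT request from a
# different host, and a 4672 event that is not a credential-use event.
SAMPLE_EVENTS = [
    "EventID=4624 Account=jsmith Source=10.0.1.15 Target=WS-0142 LogonType=2",
    "EventID=4625 Account=svc_backup_adm Source=10.0.1.15 Target=FS01 LogonType=3",
    "EventID=4625 Account=SQL_SA_LEGACY Source=10.0.1.15 Target=SQL02 LogonType=3",
    "EventID=4768 Account=helpdesk_tier2 Source=10.0.7.40 Target=DC01",
    "EventID=4672 Account=svc_backup_adm Source=10.0.9.9 Target=DC01",
]

if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for a in found:
        print(f"{a.phase}: decoy {a.account} used from {a.source} against {a.targets} ({a.events})")
    print("sources spraying decoys:", sources_spraying_decoys(found))
```

The point of the design is that the alert needs no baseline or tuning: matching is on account name alone, the logon type classifies the phase, and a source that touches several decoys is flagged for credential reuse. In practice the decoy names should look like the real naming convention (so they are picked up during reconnaissance) and the accounts they name should either not exist or be disabled, so the breadcrumb cannot be used for anything except triggering this detection.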

Detections across Attack Phases

Reduce attacker dwell time through the early detection of threats and their movement.

Initial Compromise
DECEPTION DETECTS:
  • Social engineering
  • External compromise
Establish Foothold
DECEPTION DETECTS:
  • Custom malware
  • C2
  • App exploitation
Escalate Privileges
DECEPTION DETECTS:
  • Credential theft
  • Password cracking
  • “Pass-the-hash”
Internal Recon
DECEPTION DETECTS:
  • Critical system recon
  • System, AD & user enumeration
Move Laterally
DECEPTION DETECTS:
  • Net use commands
  • Reverse shell access
Maintain Presence
DECEPTION DETECTS:
  • Backdoor variants
  • VPN subversion
  • Sleeper malware
Complete Mission
DECEPTION DETECTS:
  • Staging servers
  • Data consolidation
  • Data theft

Simple Deployment and Operations

Whether your organization is big or small, creating and maintaining the Attivo Networks ThreatDefend platform is as easy as 1, 2, 3.

Easy to Customize

Automatically proposes campaigns based on environmental self-learning

Easy to Deploy

Out-of-band deployments scale with existing production infrastructure

Easy to Operate

Centralized management, actionable alerts, automation, and native integrations empower fast responses

SPOTLIGHT

Cyber Deception Significantly Reduces Data Breach Costs & Improves SOC Efficiency