ThreatDefend® Platform

The ThreatDefend® platform provides comprehensive prevention and detection technology to deny, detect and derail attackers across a wide variety of attack surfaces. The modular design provides flexibility to add detection coverage for active directory, endpoint, network, and cloud.

BOTsink Asset Defense

Network-based post-compromise detection and engagement to misdirect attackers and collect adversary intelligence.

EDN Endpoint Defense

Endpoint protection suite to restrict discovery, lateral movement, and privilege escalation.

ADSecure Active Directory Protection (Identity Detection and Response)

Identity attack surface management solutions for the enterprise.

Awards for The Best Threat Detection and Response Technology

  • SC 2020 Awards
  • Info Security Products Guide 2020 Gold
  • ASTORS Award Platinum 2019

Benefits of the ThreatDefend® Solution

Organizations choose Attivo Networks for:

Controlled Access Management

  • Prevent attackers from stealing credentials, escalating privileges, or finding the sensitive or critical data they seek.

Reduce Attack Detection Time

  • Reduce attacker dwell time with accurate post-compromise threat detection. Detect reconnaissance, lateral movement, and credential theft early.

Actionable Alerts Improve Incident Response

  • High-fidelity alerts accelerate incident response with rich threat intelligence and forensic reporting, reducing overall time to remediation.

Identify & Understand Attacker Methods & Intent

  • Engage attackers within a safe sandboxed environment to gain threat intelligence and forensic reporting. Learn which systems are infected and detect polymorphic activity.

Integrations Accelerate Incident Response

  • Expedite and simplify incident response with 3rd-party integrations that share threat intelligence and automate blocking, quarantining, and threat hunting.

How We’re Different

The Attivo Networks® ThreatDefend® platform uniquely provides visibility throughout the attack lifecycle, detects activity overlooked by traditional security controls, prevents lateral movement, and accelerates incident response with automated attack analysis and incident handling.

Attack Prevention and Detection

Reduce attacker dwell time with early detection and derailment of in-network threats. Built to cover all attack surfaces and methods of threats, Attivo hides critical data, misdirects attackers away from production assets, and uses deception to accurately and efficiently deceive attackers into revealing their presence.

Automated Attack Analysis and Forensics

Each detection carries a high-fidelity alert containing information on attacker tactics, techniques, procedures, and full indicators of compromise. Visualization tools, attack information correlation, and forensic reporting are automated, reducing the manual work required to understand an attack and the mean-time-to-remediation.

Accelerated Incident Response

3rd-party integrations for attack information sharing and incident handling automate the transfer of threat intelligence and accelerate incident response actions for automated blocking, quarantine, and threat hunting.

Deception and Derailment in the Security Stack

Detect in-network attackers that have evaded existing controls.

Detect Any Type of Attack Across Any Type of Network

Detect scans, queries, access attempts, and engagement

Credential Theft

Catch credential harvesting & reuse

Lateral Movement

Detect and redirect lateral movement attempts

Data Collection

Conceal and deny access to sensitive data from attacks

Active Directory

Conceal and deny access to privileged AD accounts and objects

ThreatDefend® Features

ThreatDefend® is a comprehensive, scalable detection platform designed for the early detection of external threat actors and insiders (employees, suppliers, contractors) and for accelerating incident response.

Attack Surface Scalability

Deploys on-premises, in the cloud, and at remote sites to protect user networks, data centers, cloud environments, and specialty networks

Attack path vulnerability assessment

Understand attack path vulnerabilities based on exposed credentials and misconfigurations.

Protect Credentials

Hide and restrict access to sensitive or privileged credentials at the endpoint and on Active Directory

In-Network Threat Detection

Early endpoint, network, application, data, and Active Directory post-compromise attack detection

Substantiated Alerts & Forensics

Actionable alerts from attacker engagement with any detection asset, with full forensic collection for evidence-backed response

Attack Analysis

Automated attack and malware analysis and correlation improves remediation times

Accelerated Incident Response

Extensive 3rd party integrations and repeatable playbooks accelerate incident response to block, isolate, threat hunt, and share data

Threat Intelligence

Graphical maps for network visualization and time-lapsed attack replay. Endpoint visibility into attack activity source processes

Easy Deployment & Operations

Flexible deployment options, machine learning, and enterprise-wide central management

Deception and Concealment

Create deceptive assets at the network, in endpoints, and on Active Directory that detect attack activity and misdirect attackers. Conceal and deny access to sensitive data to prevent exploitation. Redirect attackers to decoys for engagement.

Deny

  • Hide local and AD privileged accounts and objects
  • Hide local files, folders, mapped network and cloud shares, and removable storage
  • Remediate stored credentials and misconfigurations to reduce the attack surface

Detect

  • Detect AD queries and attempts to access hidden data
  • Detect credential theft, reconnaissance, and lateral movement attempts
  • Provide endpoint and engagement-based forensics and visibility

Derail

  • Divert connection attempts to decoys for engagement
  • Breadcrumb attackers to the deception environment with fake credentials and AD data
  • Occupy attackers in the engagement environment to gather adversary intelligence
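The detect-and-derail idea above rests on one property: a breadcrumb credential has no legitimate user, so any logon attempt with it is a high-fidelity alert. The following is an added illustration written for this page, not Attivo's code; the decoy account names, hosts and logon-event lines are constructed, and the event IDs follow the Windows 4624 (success) / 4625 (failure) convention.

```python
# Added example (not Attivo's code): flag any logon attempt that uses a planted
# decoy ("breadcrumb") credential. Account names, hosts and log lines are constructed.
import re
from dataclasses import dataclass

# Hypothetical decoy accounts planted in endpoint credential stores and AD.
DECOY_ACCOUNTS = {"svc_backup_adm", "sql_dba_legacy"}

# Constructed, simplified logon-event lines (Windows 4624/4625-style fields).
SAMPLE_LOG = """\
ts=2021-03-01T09:12:04Z event=4624 user=alice src=10.0.4.15 dst=FS01 logon_type=3
ts=2021-03-01T09:13:11Z event=4625 user=svc_backup_adm src=10.0.4.77 dst=DC01 logon_type=3
ts=2021-03-01T09:13:12Z event=4624 user=bob src=10.0.4.22 dst=FS01 logon_type=2
ts=2021-03-01T09:14:40Z event=4624 user=sql_dba_legacy src=10.0.4.77 dst=SQL02 logon_type=3
"""

LINE_RE = re.compile(r"ts=(\S+) event=(\d+) user=(\S+) src=(\S+) dst=(\S+)")


@dataclass(frozen=True)
class Alert:
    ts: str
    account: str
    src: str
    dst: str
    outcome: str  # "success" or "failure" of the attempted logon


def parse_line(line: str):
    """Return (ts, event, user, src, dst) or None if the line does not match."""
    m = LINE_RE.search(line)
    return m.groups() if m else None


def detect_decoy_use(log_text: str, decoys=DECOY_ACCOUNTS):
    """One Alert per logon attempt with a decoy account. Failed attempts count
    too: a 4625 still proves the credential was harvested and replayed."""
    alerts = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, event, user, src, dst = parsed
        if user in decoys:
            outcome = "success" if event == "4624" else "failure"
            alerts.append(Alert(ts, user, src, dst, outcome))
    return alerts


def sources_to_isolate(alerts):
    """Hosts that replayed decoy credentials: candidates for quarantine through
    the EDR/NAC integrations described on this page."""
    return sorted({a.src for a in alerts})
```

Running `detect_decoy_use(SAMPLE_LOG)` on the constructed log yields two alerts, both from 10.0.4.77, which `sources_to_isolate` returns as the single host to quarantine.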

Detections across Attack Phases

Reduce attacker dwell time through the early detection of threats and their movement.

Initial Compromise
  • Social engineering
  • External compromise
Establish Foothold
  • Custom malware
  • C2
  • App exploitation
Escalate Privileges
  • Credential theft
  • Password cracking
  • “Pass-the-hash”
Internal Recon
  • Critical system recon
  • System, AD & user enumeration
Move Laterally
  • Net use commands
  • Reverse shell access
Maintain Presence
  • Backdoor variants
  • VPN subversion
  • Sleeper malware
Complete Mission
  • Staging servers
  • Data consolidation
  • Data theft

Simple Deployment and Operations

Whether your organization is big or small, creating and maintaining the Attivo Networks ThreatDefend® platform is as easy as 1, 2, 3.

Easy to Customize

Automatically proposes campaigns based on environmental self-learning

Easy to Deploy

Out-of-band deployments scale with existing production infrastructure

Easy to Operate

Centralized management, actionable alerts, automation, and native integrations empower fast responses


SC Media ThreatDefend® Platform v5.0 Review