
ThreatStrike Endpoint-based Threat Deception

Gain immediate value with Credential Theft Visibility & Accelerated Response.

Detect

Credential Theft & Harvesting

Derail

Ransomware Attacks

Analyze

Attacks & Create Forensic Reports

Defend

With High-Fidelity Alerts & Automated Isolation

Endpoint Deception

Windows

Mac

Linux

AWS

Mapped Shares

Profile Data

Endpoint-based Threat Deception

Early Detection of Stolen Credential & Ransomware Attacks

The Attivo ThreatStrike solution is an agentless technology that resides on the endpoint as a first line of defense against credential theft. Deception credentials lure attackers into engaging and revealing themselves. Through misdirection of the attack, organizations gain the advantage of time to detect, analyze, and stop an attacker.

Why Customers Choose ThreatStrike Deception
Detection & Visibility
Deception Authenticity
Agentless Scalability
Deployment Flexibility
Endpoint Attack Forensics

Features

Early and Accurate Detection of In-Network Malicious Actors & Insiders

Deceive external and internal threats (employees, suppliers, contractors) into revealing themselves.

  • Comprehensive

    • Endpoint deceptions include Windows, Mac, Linux, and AWS credentials.
    • Early detection of endpoint credential theft and harvesting.


  • Authentic & Attractive Credentials

    • Customized to appear as production users.
    • Active Directory integration for authenticity.


  • Ransomware Derailment

    • Ransomware deception bait.
    • High-interaction deception to stall attack.


  • Accurate Detection

    • Reuse of deception credentials or engagement with deception drives raises a high-fidelity alert.
    • Failed login detection via SIEM integration and query.
    • Alerts are substantiated by engagement and actionable, removing false-positive fatigue.

Simple, Scalable Deployment for Endpoint Threat Deception

Flexible deployment options backed by machine learning simplify deployment and ongoing operations.

  • Simple & Scalable

    • Agentless for simple deployment.
    • Flexible deployment options.
    • Designed to non-disruptively deploy and scale for large global networks.


  • Self-Managing Deployment & Refresh

    • Intelligent self-learning automates deployment.
    • Machine learning campaign proposals for automated refresh of the deception environment.


  • Easy to Manage & Operate

    • Centralized threat intelligence dashboard.
    • Automated attack analysis.
    • Integrations for actionable Incident Response.


  • Central Management

    • Central global deployment management.
    • Integration with EDR Tools.
    • SIEM tool integration to query for failed logins.
    • Integrates with existing SOC tools.

Attack Analysis Automation

Capture Threat Intelligence to strengthen overall defenses.

  • Malware & Attack Analysis

    • Built-in sandbox automates attack correlation and analysis, improving time to remediation.
    • Gain threat intelligence on attacker tactics, techniques, and procedures (TTPs).
    • Automate malware and phishing email analysis.


  • In-depth Forensics

    • Sandboxed attacker engagement.
    • Record all attack activity on decoy disk, memory, and network layers.
    • Watch lateral movement and record C&C communications.
    • Gain adversary intelligence.


  • Endpoint Forensics

    • Endpoint forensics to expedite remediation.
    • Reveal in-memory attacker data, such as hooked processes, open network connections, API calls, and more for threat intelligence.


  • Threat Intelligence Dashboard

    • Standard & advanced dashboard settings for simple operation.
    • Optional Central Manager provides on-premises or cloud centralized threat management.
    • Extensive native integrations for attack information sharing.

Automated Incident Response

Reduce mean time to response with actionable alerts, visualization, & automated response.

  • Substantiated Alerts

    • Actionable alerts are created from attacker engagement or credential reuse.
    • High-fidelity alerts are substantiated with details from attacker engagement.
    • Full forensics make for actionable response.


  • SIEM Integration

    • Query SIEMs for failed logins that use deception credentials.
    • Share attack info for more efficient threat hunting.
    • Reduce SIEM processing cycles through shared detection alerts.


  • 3rd Party Integrations

    • Extensive integrations accelerate incident response with automated blocking, isolation, and threat hunting.
    • Incident response can be activated within the dashboard or fully automated.


  • Repeatable Playbooks

    • Automate response to recognized attacks with ThreatOps™ Playbooks.
    • Automate workflow process from response to trouble ticket remediation.
    • Faster, predictable response.

Benefits of ThreatStrike Endpoint Suite

Gain immediate value by deploying network-based threat deception.

Early

Detection of credential theft and ransomware attacks

Accurate

Alerts on credential use or bait engagement

Authentic

Authenticated by Active Directory

Self-Learning

Machine-Learning for high authenticity and low maintenance

Scalable

Agentless design non-disruptively scales for global deployments

Actionable

High-fidelity alerts empower fast response

Forensics

Automated analysis, correlation, visualization maps reduce MTTR

Automated

Integrations automate endpoint isolation
Use Cases

  • Credential Threat Detection


    By seeding deceptive credentials everywhere that appear real, organizations can detect when attackers steal and reuse them.

  • Ransomware


    Organizations can detect, analyze, and delay ransomware attacks regardless of their evasion mechanisms. High-interaction deception occupies the ransomware to keep it away from valuable data.

  • Cloud Credential Attacks


    The solution provides deceptive credentials, access keys, containers, database tables, and database connectors, alerting on credential theft and reuse and on cloud application activity.

  • Wire Transfer Credential Attacks


    Financial organizations can detect SWIFT credential attacks and capture account information used for fraud.

  • Attack Correlation & Malware Analysis


    The solution can create threat intelligence and forensic reports based on detected attacks and analyzed phishing emails for more accurate remediation.

  • Improved Incident Response


    Security teams can realize faster response actions through third-party integrations that automatically isolate infected endpoints.

ENDPOINT DECEPTION PRODUCT OFFERINGS

Solutions are available in virtual machine format, as an appliance, or as a service.

THREATSTRIKE ENDPOINT SUITE

  • Agentless Endpoint Deception

Add deceptive credentials, ransomware bait, and malware analysis capabilities to expand the deception deployment at the endpoint. Sold as a license.

THREATPATH ASSESSMENT

  • See Paths Attackers Can Take

See how an attacker views the network with maps that identify the paths they could traverse based on misused, misconfigured, and orphaned credentials. Sold as a license.

Deployment Options

ThreatStrike for Credential Theft

Early Detection of Credential Theft
Agentless credential deceptions that appear in memory and registry keys.

ThreatStrike for Cloud

Early Detection of Cloud Credential Harvesting
Agentless credential deceptions that appear as AWS cloud credentials.

ThreatStrike for Ransomware

High-interaction Misdirection of Ransomware Attacks
Mapped drives and SMB shares to redirect and slow down the attack.

ThreatStrike Malware Analysis

Automate Phishing / Malware Analysis
Add an icon to the email ribbon bar to automate submission and investigation of suspicious emails.

Attack Path Vulnerability Assessment

Quickly Understand Exposed Attack Paths (add-on)
Easily visualize paths an attacker could take to reach their targets.

“THE MOST IMPORTANT THING YOU DO IS PROVIDE ME ALERTS BASED ON CONFIRMED ACTIVITY… YOU ARE MY EYES AND EARS ON THE INSIDE OF MY NETWORK…”

—Senior Director, Info Sec at Top 50 Retail Organization