Introduction to ThreatStrike Animated Video

Awards

SC 2020 Awards
Info Security Products Guide 2020 Gold
Astors award platinum 2019

ThreatStrike Endpoint-based Threat Deception

Gain immediate value with Credential Theft Visibility & Accelerated Response.

  • Detect: Credential Theft & Harvesting
  • Derail: Ransomware Attacks
  • Analyze: Attacks & Create Forensic Reports
  • Defend: Alerting, Deflection, & Automated Isolation

EndPoint Deception

  • Windows
  • Mac
  • Linux
  • Cloud

Endpoint-based Threat Deception

Early Detection of Stolen Credential & Ransomware Attacks

The Attivo ThreatStrike solution is an agentless technology that resides on the endpoint as a first line of defense against credential theft. Deception credentials lure attackers into engaging and revealing themselves. Through misdirection of the attack, organizations gain the advantage of time to detect, analyze, and stop an attacker.

Why Customers Choose ThreatStrike Deception

  • Detection & Visibility
  • Deception Authenticity
  • Agentless Scalability
  • Deployment Flexibility
  • Endpoint Attack Forensics

Features

Early and Accurate Detection of In-Network Malicious Actors & Insiders

Deceive external and internal threats (employees, suppliers, contractors) into revealing themselves.

  • Comprehensive

    • Endpoint deceptions include Windows, Mac, Linux, and AWS credentials.
    • Early detection of endpoint credential theft and harvesting.


  • Authentic & Attractive Credentials

    • Customized to appear as a production user.
    • Active Directory integration for authenticity.


  • Ransomware Derailment

    • Ransomware deception bait.
    • High-interaction deception to stall attack.
    • Protects production data from exploitation.

  • Accurate Detection

    • Reuse of deception credentials or engagement with deception drives raises a high-fidelity alert.
    • Failed login detection via SIEM integration and query.
    • Alerts are substantiated by engagement and actionable, removing false-positive fatigue.

Simple, Scalable Deployment for Endpoint Threat Deception

Flexible deployment options backed by machine learning simplify deployment and ongoing operations.

  • Simple & Scalable

    • Agentless for simple deployment.
    • Flexible deployment options.
    • Designed to non-disruptively deploy and scale for large global networks.


  • Self-Managing Deployment & Refresh

    • Intelligent self-learning automates deployment.
    • Machine learning campaign proposals for automated refresh of the deception environment.


  • Central Management

    • Central global deployment management.
    • Integration with EDR Tools.
    • SIEM tool integration to query for failed logins.

Benefits of ThreatStrike Endpoint Suite

Gain immediate value by deploying network-based threat deception.

  • Early: Detection of credential theft and ransomware attacks
  • Accurate: Alerts on credential use or bait engagement
  • Prevention: Proactively redirect & deflect attacks
  • Authentic: Machine learning & AD verified for authenticity
  • Scalable: Agentless design non-disruptively scales for global deployments
  • Actionable: High-fidelity alerts empower fast response
  • Forensics: Automated analysis, correlation, visualization maps reduce MTTR
  • Automated: Integrations automate endpoint isolation


Use Cases

  • Credential Threat Detection


    By seeding real-looking deceptive credentials everywhere and hiding local admin accounts, organizations can detect when attackers attempt to compromise them.

  • Ransomware


    Detect, analyze, and delay ransomware attacks regardless of method. Protect production data from exploitation. Occupy ransomware with high-interaction deception to delay its spread.

  • Cloud Credential Attacks


    The solution provides deceptive credentials, access keys, containers, storage buckets, database tables, and database connectors, alerting on credential theft and reuse, and on cloud application activity.

  • Wire Transfer Credential Attacks


    Financial organizations can detect SWIFT credential attacks and capture account information used for fraud.

  • AD Attack Interception


    Security teams can protect critical AD objects against unauthorized access to prevent their misuse by attackers.

Deployment Options

ThreatStrike for Credential Theft

Early Detection of Credential Theft
Agentless credential deceptions that appear in memory and registry keys.

ThreatStrike for Cloud

Early Detection of Cloud Credential Harvesting
Agentless credential deceptions that appear as AWS cloud credentials.

ThreatStrike for Ransomware

High-interaction Misdirection of Ransomware Attacks
Mapped drives and SMB shares to redirect and slow down the attack. Protect data and redirect attacks to decoys.

ThreatStrike Malware Analysis

Submit Phishing Emails for Malware Analysis
Add an icon to the email ribbon bar to automate submission and investigation of suspicious emails.

“Attivo is surfacing alerts that are not being seen by any of our other security tools and the beauty is that attention is mainly needed only when there is a threat.”

Sr Director Info Sec, Fortune 200 company