Request Demo

Introduction to ThreatStrike Animated Video

PLAY VIDEO

Awards

SC 2020 Awards
Info Security Products Guide 2020 Gold
Astors award platinum 2019

ThreatStrike Endpoint-based Threat Deception

Gain immediate value with Credential Theft Visibility & Accelerated Response.

Detect

Credential Theft
& Harvesting

Derail

Ransomware
Attacks

Analyze

Attacks & Create
Forensic Reports

ThreatStrike Defend Alerting, Deflection, & Automated Isolation
Defend

Alerting, Deflection,
& Automated Isolation

EndPoint Deception

Windows

MAC

Linux

Cloud

Windows

MAC

Linux

Cloud

Endpoint-based Threat Deception

Early Detection of Stolen Credential & Ransomware Attacks

The Attivo ThreatStrike solution is an agentless technology that resides on the endpoint as a first line of defense against credential theft. Deception credentials lure attackers into engaging and revealing themselves. Through misdirection of the attack, organizations gain the advantage of time to detect, analyze, and stop an attacker.

Why Customers Choose ThreatStrike Deception
Detection &
Visibility
Deception Authenticity
Agentless
Scalability
Deployment
Flexibility
Endpoint Attack Forensics

Features

Early and Accurate Detection of In-Network Malicious Actors & Insiders

Deceive external and internal threats (employees, suppliers, contractors) into revealing themselves.

  • Comprehensive

    • Endpoint deceptions include Windows, Mac, Linux, and AWS credentials.
    • Early detection of endpoint credential theft and harvesting.


  • Authentic & Attractive Credentials

    • Customized to appear as production user.
    • Active directory integration for authenticity.


  • Ransomware Derailment

    • Ransomware deception bait.
    • High-interaction deception to stall attack.
    • Protects production data from exploitation

  • Scan Deflection

    • Deflect port scans to decoys
    • Make every endpoint part of the deception environment

  • Accurate Detection

    • Reuse of deception credentials or engagement with deception drives raises a high-fidelity alert.
    • Failed login detection via SIEM integration and query.
    • Alerts are substantiated from engagement and actionable removing false positive fatigue.

Simple, Scalable Deployment for Endpoint Threat Deception

Flexible deployment options backed by machine-learning simplify deployment and ongoing operations.

  • Simple & Scalable

    • Agentless for simple deployment.
    • Flexible deployment options.
    • Designed to non-disruptively deploy and scale for large global networks.


  • Self-Managing Deployment & Refresh

    • Intelligent self-learning automates deployment.
    • Machine learning campaign proposals for automated refresh of the deception environment.


  • Easy to Manage & Operate

    • Centralized threat intelligence dashboard.
    • Automated attack analysis.
    • Integrations for actionable Incident Response.


  • Central Management

    • Central global deployment management.
    • Integration with EDR Tools.
    • SIEM tool integration to query for failed logins.
    • Integrates with existing SOC tools.

Attack Analysis Automation

Capture Threat Intelligence to strengthen overall defenses.

  • Malware & Attack Analysis

    • Built-in sandbox automates attack correlation and analysis improving time to remediation.
    • Gain threat intelligence with attack tactics, techniques, procedures (TTP).
    • Automate malware and phishing email analysis.


  • In-depth Forensics

    • Sandboxed attacker engagement.
    • Record all attack activity on decoy disk, memory, and network layers.
    • Watch lateral movement and record C&C communications.
    • Gain adversary intelligence.


  • Endpoint Forensics

    • Endpoint forensics to expedite remediation.
    • Reveal in-memory attacker data, such as hooked processes, open network connections, API calls, and more for threat intelligence.


  • Threat Intelligence Dashboard

    •  Standard & advanced dashboard settings for simple operation.
    • Optional Central Manager provides on premise or cloud centralized threat management.
    • Extensive native integrations for attack information sharing.

Automated Incident Response

Reduce mean time to response with actionable alerts, visualization, & automated response.

  • Substantiated Alerts

    • Actionable alerts are created from attacker engagement or credential reuse.
    • High-fidelity alerts are substantiated with details from attacker engagement.
    • Full forensics make for actionable response.


  • Siem Integration

    • Query SIEMs for deception credential failed login in.
    • Share attack info for more efficient threat hunting.
    • Reduce SIEM processing cycles through shared detection alerts.


  • 3rd Party Integrations

    • Extensive integrations accelerate incident response with automated blocking, isolation, and threat hunting.
    •  Incident response can be activated within dashboard or fully automated.


  • Repeatable Playbooks

    • Automate response to recognized attacks with ThreatOps® Playbooks.
    • Automate workflow process from response to trouble ticket remediation.
    • Faster, predictable response.

Benefits of ThreatStrike Endpoint Suite

Gain immediate value by deploying network-based threat deception.

Early

Detection of credential theft
and ransomware attacks

Accurate

Alerts on credential use
or bait engagement

Proactively redirect and deflect attacks
Prevention

Proactively redirect &
deflect attacks

Authentic

Machine learning & AD
verified for authenticity

Scalable

Agentless design non-disruptively
scales for global deployments

Actionable

High-fidelity alerts
empower fast response

FORENSICS

Automated analysis, correlation,
visualization maps reduce MTTR

Automated icon
Automated

Integrations automate
endpoint isolation

Early

Detection of credential theft and ransomware attacks

Accurate

Alerts on credential use or bait engagement

Proactively redirect and deflect attacks
Prevention

Proactively redirect &
deflect attacks

Authentic

Machine learning & AD
verified for authenticity

Scalable

Agentless design non-disruptively scales for global deployments

Actionable

High-fidelity alerts empower fast response

FORENSICS

Automated analysis, correlation, visualization maps reduce MTTR

Automated icon
Automated

Integrations automate endpoint isolation

Use Cases

  • Credential Threat Detection


    By seeding deceptive credentials everywhere that appear real and hiding local admin accounts, organizations can detect when attackers attempt to compromise them.

  • Ransomware


    Detect, analyze, and delay ransomware attacks regardless of method. Protect production data from exploitation. Occupy ransomware with high-interaction deception to delay its spread.

  • Cloud Credential Attacks


    The solution provides deceptive credentials, access keys, containers, storage buckets, database tables, and database connectors, alerting on stolen credential theft and ruse, and cloud application activity.

  • Wire Transfer Credential Attacks


    Financial organizations can detect SWIFT credentials attacks and capture account information used for fraud.

  • Attack Correlation & Malware Analysis


    The solution can create threat intelligence and forensic reports based upon detected attacks and analyzed phishing emails for a more accurate remediation.

  • AD Attack Interception


    Security teams can protect critical AD objects against unauthorized access to prevent their misuse by attackers.

  • Port Scan Deflection


    The solution detects and deflects port scans to redirect attackers to decoys for engagement.

ENDPOINT DECEPTION PRODUCT OFFERINGS

Solutions are available in virtual machines format, as an appliance or service.

THREATSTRIKE ENDPOINT SUITE

  • Agentless Endpoint Deception

Add deceptive credentials, ransomware bait, and malware analysis capabilities to expand the deception deployment at the endpoint. Sold as a license.

Download Data Sheet

THREATPATH ASSESSMENT

  • See Paths Attackers Can Take

See how an attacker views the network with maps that identify the paths they could traverse based on misused, misconfigured, and orphaned credentials. Sold as a license.

Download Data Sheet
Deployment Options

ThreatStrike for Credential Theft

Early Detection of Credential Theft
Agentless credential deceptions that appear in memory and registry keys.

ThreatStrike for Cloud

Early Detection of Cloud Credential Harvesting
Agentless credential deceptions that appear as AWS cloud credentials.

ThreatStrike for Ransomware

High-interaction Misdirection of Ransomware Attacks
Mapped drives and SMB shares to redirect and slow down the attack. Protect data and redirect attacks to decoys.

ThreatStrike Malware Analysis

Automate Phishing / Malware Analysis
Add icon to email ribbon bar to automate submission of suspicious emails and investigation.

Attack Path Vulnerability Assessment

Quickly Understand Exposed Attack Paths (add on)
Easily visualize paths an attacker could take to reach their targets.

“Attivo is surfacing alerts that are not being seen by any of our other security tools ​and the beauty is that attention is mainly needed only when there is a threat.”

Sr Director Info Sec, Fortune 200 company

SPOTLIGHT

ThreatStrike® Solution
Animated Video

LEARN MORE

Resources

Ready to find out what’s lurking in your network?

Schedule Demo
Contact Us