No security administrator has the time to waste chasing false positives or noisy alert storms. That is why the Attivo BOTsink Solution only provides accurate, actionable, and substantiated alerts.
Every node and subnet in your network, whether in a private or public data center, can become a trap in the Attivo dynamic deception solution. Designed to lure attackers into engaging, Attivo can quickly identify an infection and provide the threat intelligence needed to take immediate action to isolate and respond to an attack.
Because the Attivo BOTsink Solution is a deception server inside the network, no user has a legitimate reason to communicate with it. Any scans or attempts to engage with an Attivo deception server represent an attacker trying to find and target high-value network assets. Additionally, with the Attivo Information Relay Entrapment System (IRES) Solution, IRES deception credentials can be detected by the BOTsink and other perimeter security solutions to identify an infected endpoint.
Although all alerts are the result of unauthorized engagement, security administrators can choose to set the Attivo threat management dashboard to notify them of low, medium, and high alerts based on the security policies that they wish to set. Additionally, through the Attivo Central Manager, alerts can be aggregated and reports created to better understand and drill down into attacker activity and patterns.