Knowing that an attacker is operating inside your network is valuable. However, knowing an attacker’s methods and gaining the threat intelligence to shut down current attacks and prevent future attacks provides the empowerment to truly defend your networks and data centers.
Attivo forensics begins once a BOT or APT engages the Attivo BOTsink solution. With the intrusion contained, the BOTsink will capture full forensics including time, type, and other attack information in order to identify infected systems and complete analysis to gain a better understanding of the attack’s anatomy and objectives.
After the forensic analysis is completed, the engagement server is re-spun, thus destroying the BOT or APT so it cannot continue its attack. Seamless ecosystem integration also enables the updating of other prevention devices to stop current and future attacks.