Cybersecurity attacks are increasing in volume and effectiveness against military organizations, federal, state and local governments. Traditional network defenses have focused on preventing intrusions, but attackers continue to evade them.

Threat deception technology gives government entities the foundation for an active defense: early and accurate detection of in-network threats and the ability to respond to them quickly and decisively. Recognizing the importance of deploying deception to protect critical information, the National Institute of Standards and Technology has included it in SP 800-53, SP 800-160 and the draft of SP 800-172.



Cyber Attacks on Sensitive Networks

The third-largest threat to government agencies, with 71% having experienced a breach.


Protect Critical Infrastructure

60% of surveyed companies using ICS or SCADA reported experiencing a breach in 2017-2018.

Protect PII and Military Secrets

191 million records compromised at independent government civilian workforce agency.


Comply with regulatory mandates, directives and policy standards.


Government entities choose Attivo Networks® deception-based threat detection for:


Efficient and Reliable

Early detection of in-network human and automated attackers seeking to establish “backdoors” and breach networks.


Accurate detection of threats targeting business networks, operational infrastructures, industrial control systems and secure cities.

Accurate Visibility

Accurate visibility to in-network threats, exposed attack paths, sequencing, and replay.

Ease of Operation

Machine learning automates deployment and operations. Actionable alerts, automation, and native integrations enable fast response.

Automated Incident Response

Native integrations with current SOC tools and existing security architecture to simplify incident response.


Targeted Attacks

The stakes are high for all forms of government – federal, state, local, and educational institutions are none of them immune. Foreign intelligence services hold a goldmine of information about federal employees at every level of government that can be leveraged for further highly targeted cyber attacks and other espionage. Governments are an attractive target for cybercriminals who look to profit from the sale of government personnel and financial data or to cause harm to critical infrastructure or human safety.

The ThreatDefend platform addresses the unique and diverse needs of government as a highly targeted sector. The solution deploys authentic decoys throughout the environment, indistinguishable from your real assets, that are designed to lure attackers in and enable their removal from the network.

Early Visibility to Credential Theft & Lateral Movement

As a highly targeted sector, governments face sophisticated attacks that are renowned for bypassing perimeter defenses. Agencies are targeted by both external and internal threat actors, and a new approach to security is needed to gain visibility into and detection of these adversaries.

The platform provides detection of early reconnaissance and early credential harvesting that does not rely on known attack signatures. Deception identifies threats by engagement rather than by database lookup, which makes the technology key to catching human and automated attackers as they use new variants or zero-day attacks to penetrate an organization.
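As an added example (not Attivo's code) of the engagement-versus-lookup distinction above: any authentication that touches a planted decoy account or decoy host is an alert regardless of which tool produced it, while a signature lookup only fires on agent strings already in its database. All account names, addresses, tool names and log lines below are constructed.

```python
import re

# Constructed inventory of planted deceptions (hypothetical names/addresses).
DECOY_ACCOUNTS = {"svc_backup_admin", "fin_share_ro"}
DECOY_HOSTS = {"10.20.5.77", "10.20.5.78"}  # decoy file servers

# Constructed signature database: the only tooling a lookup-based sensor knows.
KNOWN_BAD_AGENTS = {"knownscanner", "oldtool-v2"}

LOG_RE = re.compile(
    r"(?P<ts>\S+) auth (?P<result>ok|fail) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) agent=(?P<agent>\S+)"
)

def parse(line):
    """Parse one constructed auth log line into a dict, or None if malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def deception_alerts(lines):
    """Engagement-based: no production user ever has a reason to authenticate
    with a decoy account or to a decoy host, so any such event is an alert."""
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev and (ev["user"] in DECOY_ACCOUNTS or ev["dst"] in DECOY_HOSTS):
            alerts.append((ev["ts"], ev["src"], ev["user"], ev["dst"]))
    return alerts

def signature_alerts(lines):
    """Lookup-based: alert only when the agent string is already known bad."""
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev and ev["agent"].lower() in KNOWN_BAD_AGENTS:
            alerts.append((ev["ts"], ev["src"], ev["user"], ev["dst"]))
    return alerts

# Constructed sample log: one workstation probes a decoy account, then a decoy
# host, using a tool the signature database has never seen.
SAMPLE_LOG = [
    "2021-03-01T09:00:01Z auth ok user=jsmith src=10.20.1.15 dst=10.20.4.10 agent=smbclient",
    "2021-03-01T09:05:12Z auth fail user=svc_backup_admin src=10.20.1.15 dst=10.20.4.10 agent=newtool-v0.1",
    "2021-03-01T09:05:40Z auth ok user=jsmith src=10.20.1.15 dst=10.20.5.77 agent=newtool-v0.1",
    "2021-03-01T09:06:03Z auth ok user=jsmith src=10.20.1.15 dst=10.20.4.12 agent=oldtool-v2",
]

if __name__ == "__main__":
    print("deception alerts:", deception_alerts(SAMPLE_LOG))  # two hits
    print("signature alerts:", signature_alerts(SAMPLE_LOG))  # one hit
```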

Protecting SCADA / Industrial Control Systems Infrastructures

Industrial control systems (ICS/SCADA) are increasingly being targeted by cyber terrorists, with the associated risks often viewed as greater than those of physical threats. These systems often run on default credentials or older unpatchable operating systems, or remain unpatched for security bugs and other issues when the patch could disturb existing system configurations or require downtime or operational disruption. These risks are not limited to power and energy environments; they are also present within smart city and building infrastructure.

The ThreatDefend platform provides early detection of attacks targeting ICS/SCADA devices, and of policy violations, through deceptions and decoys that appear indistinguishable from production assets. Effective for both upstream and downstream applications, the ThreatDefend platform provides the needed visibility into in-network threats, attack analysis, and forensic reporting required to promptly derail attacks on critical infrastructure.

Malware/Ransomware/Crypto Mining Attacks

Malware, ransomware, and crypto mining attacks continue to exploit human mistakes and system vulnerabilities to find inroads into the networks of agencies of all sizes. Governments are primary targets due to the vast amount of data they hold and their often complex operating environments, which allow attackers to exploit systems for various forms of monetary gain or to harm those environments.

The Attivo ThreatDefend platform is designed to derail these attacks by planting decoys and shared drives that appear as targets to the attacker. High interaction deception techniques will then engage and occupy the attacker, providing security teams the time needed to quarantine the infected system. Early detection and isolation better equip security teams to contain these attacks and stop an adversary before the attack can spread and cause additional damage.

Insider & 3rd Party Threat Detection

Employees, contractors, and suppliers all create increased security risk and can pose significant harm to agencies as adversaries look to steal personal and sensitive information or inflict harm. Wikileaks and Snowden are both prime examples of how U.S. federal government security has been compromised.

Agencies must also comply with Executive Order 13578, which directs structural reforms to ensure responsible sharing and safeguarding of classified information on computer networks, consistent with appropriate protections for privacy and civil liberties. Agencies bear the primary responsibility for meeting these twin goals. The policy goes on to say that agencies should establish an “Insider Threat Task Force” aimed at “deterring, detecting, and mitigating insider threats, including the safeguarding of classified information from exploitation, compromise, or other unauthorized disclosure, taking into account risk levels, as well as the distinct needs, missions, and systems of individual agencies.”

The Attivo solution provides early and accurate visibility and detection for insiders, contractors, suppliers, and trusted 3rd party organizations that are attempting to compromise networks or are in violation of security policies. Deception blends in with the production environment and detects all forms of adversary by deploying decoys that mirror production assets: they detect reconnaissance and lateral movement, misdirect credential harvesting and privileged account escalation, and reveal exposed credentials and misconfigurations that create adversary attack paths.

Attivo Networks in a Zero Trust Architecture for the Federal Government




Attivo Networks is proud to be a Small Business Member of AFCEA, a member-based organization providing a forum for military and government communities to connect with security and technology professionals from industry. www.afcea.org



FIPS Certificate

The Federal Information Processing Standard (FIPS) Publication 140-2 is a Government security standard issued by the National Institute of Standards and Technology (NIST) and is used to approve cryptographic modules in cyber security products for use in Federal Government environments.

Attivo products are certified for FIPS 140-2 at Level 1 and Level 2.

Common Criteria EAL2+ Certification

Common Criteria is an internationally recognized standard which defines a framework for evaluating the security of IT products. US Government organizations, international Government entities, and many global Fortune 500 corporations require Common Criteria certification to aid in the evaluation of IT security products for use in their infrastructures.

Attivo products are certified under Common Criteria at EAL 2+.

DHS Continuous Diagnostics and Mitigation (CDM)

Consistent with the Federal Government’s deployment of Information Security Continuous Monitoring (ISCM), the Continuous Diagnostics and Mitigation (CDM) Program is a dynamic approach to fortifying the cybersecurity of government networks and systems. The CDM Program provides cybersecurity tools, integration services, and dashboards to participating agencies to support them in improving their respective security posture.

Attivo products are currently on the CDM APL.

DoDIN APL Certification

The Department of Defense Information Network Approved Products List (DoDIN APL) was created by the Department of Defense to identify solutions that are trusted to address Government security concerns. The DoDIN APL is the agency’s master list of products available for purchase that are approved for deployment within the DoD’s technology infrastructure. Only those products listed will be considered for procurement by DoD contracting departments.

Attivo products are currently in Phase II of testing for the DoDIN APL.

Threat Deception Case Study

BOTsink Thwarts Crypto Ransomware Attack

Customer: Government Health Provider
Challenge: Crypto ransomware attack that continuously morphed, making it difficult for the SOC team to eradicate
Result: Customer was able to immediately detect and mitigate ransomware attacks, with live up-to-the-minute forensics generated by Attivo significantly reducing incident response times


Ready to find out what the Attivo Networks solution can do for your organization? Our security experts are standing by, ready to answer your questions.


“Deception and misdirection technology is the only capability at market to single-handedly enable large enterprises to shorten the gap to hours or even minutes, protecting sensitive customer and organizational data.”

Department of Defense Chief