Awards

SC 2020 Awards
Info Security Products Guide 2020 Gold
Astors award platinum 2019

OVERVIEW

Attivo solutions provide immediate value with in-network visibility into attack activity, prevention of malicious access to sensitive and critical data and accounts, and early detection and alerting of discovery, lateral movement, and privilege escalation activities.  The company achieves this with innovations in Active Directory protection, endpoint defenses, and network security to reduce the attack surface, misdirect attack activity, and conceal sensitive or critical data.

Attackers have proven themselves capable of evading defenses to breach networks. They masquerade as legitimate employees, use stolen credentials, and take advantage of detection gaps to infiltrate a network, all while remaining undetected for extended dwell times. Security teams are challenged to be successful 100% of the time, whereas an attacker must only get lucky once. It’s now time to turn the tables on attackers with advanced solutions capable of revealing adversaries when they attempt to look or move around.

Attivo solutions provide extensive visibility into in-network attack activity across any attack surfaces, whether on-premises, in the cloud, or at remote locations. Unique cyber deception technology provide capabilities  to deceive, misdirect, and hide and deny access to critical data to prevent account compromise and misinform discovery activity.  They derail in-network lateral movement with early detection and alerting as attackers attempt to look or move around between systems.  The mere act of observation reveals the attacker early in the attack cycle, empowering organizations to rapidly respond to threats inside the network before the attackers can cause extensive damage.

A Proactive Defense Disrupts an Attacker’s
Playbook and Changes the Asymmetry of an Attack

Visibility
Visibility

See attack activity across any attack surface, regardless of location.

Proactive Prevention
Prevention

Deny attackers from exploiting high-privileged accounts and sensitive data.

In-Network Detection
Detection

Alert on in-network discovery, lateral movement, and privilege escalation activity.

Attivo Within the Security Control Stack

Attivo solutions provide “eyes within the network” visibility to threats that have evaded perimeter defenses. By interweaving detection assets within the network, security teams can accurately and efficiently alert on discovery, lateral movement, and privilege escalation activities, improving time to detection and reducing attacker dwell time.

Attivo Within the Security Control Stack

DECEPTION DISRUPTS AN ATTACKER’S PLAYBOOK
AND CHANGES THE ASYMMETRY OF AN ATTACK

DWELL TIME

Attackers take their time, and assume they can move slowly through the network to avoid detection.

ESCALATION

Attackers will move laterally inside the network and escalate privileges to reach critical assets.

derailing attacks
MISDIRECTION

Most attackers trust the information they steal is real and will act accordingly.

Attack Prevention and Detection

Deception and Denial work hand-in-hand to prevent and detect discovery, lateral movement, and privilege escalation attack activities.  While deception misdirects attacks and gathers critical adversary intelligence, denial prevents attackers from seeing and exploiting essential information to progress their attack and compromise sensitive data.

Attivo Networks Deception Denial

COMPREHENSIVE COVERAGE FOR MITRE® FRAMEWORKS

MITRE frameworks are useful for understanding security risk against known adversary behavior, planning security improvements, and verifying defenses work as expected. The Attivo Networks ThreatDefend Platform provides extensive capabilities to detect many of the techniques outlined in the ATT&CK Matrix and Shield Framework, offering the industry’s most comprehensive threat detection coverage.

Attivo users see an average increase of 42% in detection rate when leveraging the Attivo Networks EDN solution with traditional endpoint security tools. To learn more, check out the TAG Cyber report on using Deception to Improve MITRE ATT&CK Test Results for Endpoint Security, the Attivo Testing Insights solution brief, and the MITRE whitepaper that maps our comprehensive coverage.

MITRE Shield

The ThreatDefend® Platform, comprised of the ADSecure™, BOTsink®, and Endpoint Detection Net (EDN) solutions – represents the industry’s most comprehensive threat detection coverage, providing organizations with 27 of the 33 defensive techniques presented in MITRE Shield. Learn more by checking out our blog and our solution brief.

Alert Efficiency with Attivo Solutions

Research shows that Attivo solutions provide organizations with a high-fidelity, low-noise attack detection solution that improves efficiency. Attivo’s cyber deception technology not only reduces the cost of data breaches, but also increases the efficiencies of typical Security Operations Center or SOC operations, thereby providing direct and measurable financial benefits for organizations of all sizes and types.

MAXIMUM SIGNAL-TO-NOISE ALERT RATIO FUNNEL

MAXIMUM SIGNAL-TO-NOISE ALERT RATIO FUNNEL

By Deploying Attivo Solutions into the Environment, Organizations Can:

Comprehensive Detection Coverage

NETWORK

Early, accurate detection of network-based attack activities such as Man-in-the-Middle and reconnaissance.

ENDPOINT

Visibility into endpoint discovery, lateral movement, and privilege escalation activities such as AD queries and port scans.

APPLICATIONS

Detection of attacks targeting critical applications such as SWIFT, infrastructure control panels, or web servers.

DATA

Hide, deny access to, and detect attacks targeting data such as local files, AD, databases, or sensitive documents.

Closing Threat Detection Gaps for All Attack Vectors

Perimeter and endpoint security solutions cannot reliably stop attacks from all vectors and methods. This has resulted in attacker dwell times averaging 56+ days (M-Trends 2020 Report). Attivo solutions play a critical role in changing this paradigm by detecting attacks that have evaded other security controls, early and accurately, regardless of the methods used to compromise the network. The solutions uses cyber deception technologies that are not reliant on signatures or database look-up but instead alert on confirmed attack activity. This makes Attivo scalable and capable of reliably detecting attackers using ever-changing attack methods and targeting rapidly evolving attack surfaces.

alert icon
Critical Data Compromise
CREDENTIAL
THEFT/REUSE
NETWORK
RECONNAISSANCE
ACTIVE DIRECTORY
RECONNAISSANCE
Port & Service Exploitation
Port & Service Exploitation
MAN-IN-THE-MIDDLE
ATTACK

DETECTING THE ADVERSARY

Threats arise from a variety of factors and can come in the form of internal or external threat actors. Outside adversaries, insiders, contractors, and suppliers are all capable of creating risk and potentially breaching an organization. Since they all are within the perimeter, many traditional security controls are ineffective or unreliable as they try to learn behaviors and alert on suspicious activities that deviate from normal baselines. Organizations must apply a different approach to in-network detection. These security controls must be capable and accurate in detecting nefarious activities, policy violation, and risks from human error.

Attivo solutions play a critical role in detecting adversary behavior and in alerting on employee conduct outside of authorized practices. This could relate to unauthorized access, BYOD devices, undesirable activities, and insight into M&A integrations. One interaction with an Attivo solution provides a substantiated alert with details of attempted actions. This provides the proof often required to take corrective and even legal action to protect an organization’s data, IP, patents, and other operating controls.

EXTERNAL
EMPLOYEES
SUPPLIERS
CONTRACTORS
MERGERS &
ACQUISITIONS
PEN TESTERS

USE CASES

  • Early Threat Detection

    • — Detect discovery activity
    • — Not reliant on signatures to detect attacks
    • — No pattern matching or database look up


  • Lateral Movement Threat Detection

    • — In-network threat detection
    • — Detect early reconnaissance
    • — Detect lateral movement
    • — Detect activities used to maintain presence


  • Evolving Attack Surface

    • — Detects across every attack surface
    • — User Network
    • — Data Center
    • — Cloud (AWS, Azure, Google, OpenStack)
    • — Specialized: IOT, ICS, POS, SWIFT, Router


  • Man-in-the-Middle Attacks

    • — Early detection of MitM attacks
    • — Attack replay to better understand movement


  • Detection of Data Attacks

    • — Misdirect attacks away from production data
    • — DecoyDocs for counterintelligence on attacker intent
    • — hide and deny access to sensitive data and storage


  • Compliance Breach Investigation M&A Visibility

    • — Demonstrate in-network detection
    • — Forensics to demonstrate resolution
    • — Trust but verify M&A visibility
    • — Blue Team’s choice control during Pen Testing


  • Skills Shortage & Ability to Respond to Incident

    • — High-fidelity alerts are actionable
    • — Basic and advanced user interface
    • — Easy to deploy and operate
    • — Automations for attack analysis and incident response

Attivo Solutions for Ongoing Assessment and Compliance

The Attivo ThreatDefend platform plays an important role in proving network resiliency. Blue teams can go into Pen Tests with confidence that they can detect and record the actions of their Red team adversaries. One of the benefits of the ThreatDefend platform is its ability to not only detect Active Directory and other forms of reconnaissance and credential theft, but also in its ability to record and report on every move for the proof that they are well-equipped to detect and respond quickly to threats. These reports can also be crucial for proving company and supplier compliance.

Think that the ThreatDefend platform won’t be effective if the Red team knows it’s installed? You will be pleasantly surprised that the platform passes with flying colors, even when attackers anticipate the presence of cyber deception. Want to see what an attacker would see or how it will hold up against the adversary? Check out the ThreatDefend platform and request a demo.

LEARN MORE

SPEAK TO A SECURITY SPECIALIST

Ready to find out what the Attivo Networks solution can do for your organization? Our security experts are standing by, ready to answer your questions.

Visibility & Detection

“The most important thing you do is provide me alerts based on confirmed activity. You are my eyes & ears on the inside of my network… the nerve center” – Sr Director InfoSec at Top 50 Retail Organization