The ThreatDefend platform provides immediate value with precise detection and prevention functions based on its unique capability to simultaneously deceive attacks and deny access to sensitive objects while providing early and accurate detection.
The ThreatDefend platform's two-pronged approach to security provides greater coverage against discovery, lateral movement, and privilege escalation activities. Deception technology misdirects attackers away from production assets and toward decoys that record their activities while gathering forensics and adversary intelligence. Denial technology goes one step further by preventing attackers from seeing or accessing valuable data and objects such as local administrator accounts, files, folders, network or cloud mapped shares, open ports and services, or Active Directory objects. Any interaction with the deception, or any attempt to discover the hidden objects, generates an alert that notifies security teams of the attacker's presence. Denial technology is especially effective against modern-day human-driven ransomware attacks that use APT-style tactics to discover critical data for encryption and exfiltration. Deceiving and denying access provides both detection and prevention functions without affecting regular operations.
Deception is not just a fancy honeypot. Honeypots first appeared in the 1980s and served a useful function for understanding who was attacking an organization from outside the network. Commercial deception technology has since evolved a long way and now serves as a high-fidelity in-network detection control. Virtualization and machine-learning automation remove the honeypot limitations associated with scale and operations by managing the creation, deployment, and operation of the deception environment. The Attivo Networks ThreatDefend platform takes deception even further and into the area of active defense, which incorporates automated attack analysis, forensics, and native integrations for accelerated incident response.
AWS, Azure, OpenStack, Google
Distributed, microsegmented, private, public, hybrid
User, guest, wireless, wired
Mac, Windows, Linux, credentials, mapped shares, profile data
ICS/SCADA, POS, telecom, IoT medical devices, infrastructure
SWIFT, data, database, document
Remote office, branch office
Trusted domains, deceptive systems and user accounts
Decoys that Mirror-Match Production Assets
Deceptive Decoy Services to Misdirect Attacks
Deceptive Applications to Entice Attackers
Attivo Networks® ThreatDefend™ Deception and Response Platform Overview