OVERVIEW

The best protection against cybersecurity attackers is an adaptive security defense, in which prevention, detection, and response systems work together to provide early detection, continuous threat management, and accelerated response. Attivo works actively with industry-leading providers of firewall, NAC, SIEM, and malware database solutions to share attack information and reduce the complexity and time associated with dealing with cyber threats. Below is a list of our integration and strategic go-to-market partners that are working together to bring these integrated solutions to markets across the globe.

 


Integration Partners

Amazon Web Services

Attivo Networks provides the industry’s first globally scalable deception technology solution that detects inside-the-network threats across enterprise, private and public clouds. The Attivo BOTsink platform efficiently detects threats within all network and Amazon Web Services data center environments with the Attivo Central Manager providing universal control and centralization of threat intelligence for its global BOTsink deployments.

Aruba, a Hewlett Packard Enterprise Company

Attivo Networks has partnered with Aruba, a Hewlett Packard Enterprise company, to deliver a highly scalable network access solution integrating the Attivo Networks Deception Platform and Aruba ClearPass platform. This integration provides customers with the ability to identify users and devices on wired and wireless networks, detect threats in real-time, gather attack analysis and automatically remediate suspect devices based on intent – regardless of user role or device type.

Carbon Black

Attivo Networks has partnered with Carbon Black to provide organizations early detection of in-network threats, automated response actions based on deception server engagement, and the ability to query Carbon Black servers for additional forensic artifacts on other infected systems. The integrated solution, which includes the Attivo Deception and Response Platform and the Carbon Black Platform, will provide organizations an advanced level of visibility and improve overall threat management operations by simplifying information sharing and automating incident response actions.


Check Point Software Technologies Ltd. 

Attivo Networks has partnered with Check Point Software Technologies Ltd. to deliver an integrated solution between the Attivo Deception Platform and the Check Point R80 that empowers continuous threat management using dynamic deceptions for real-time detection and analysis and enables accelerated response to cyber incidents. Detailed attack forensics shared automatically with Check Point Firewall allow prompt blocking to prevent exfiltration of data.

Cisco

Information sharing and the automation of incident response, for blocking and quarantining an active attack, can dramatically reduce the risk and impact of a potential breach. Attivo Networks deception technology allows for the real-time detection and identification of reconnaissance activities and early lateral movement infections that are often the first step in a sophisticated breach strategy. Configuring BOTsink engagement servers to integrate with the Cisco pxGrid, ISE, and ASA delivers an effective and efficient solution for early threat detection, prompt incident response, and the derailing of cyberattacks. Together, Attivo Networks and Cisco Systems can increase network defenses in an operationally efficient manner.

Citrix

Citrix is powering a better way to work with unified workspace, networking, and analytics solutions that help organizations unlock innovation, engage customers, and boost productivity, without sacrificing security. With Citrix, users get seamless work experience and IT has a unified platform to secure, manage, and monitor diverse technologies in complex cloud environments. Citrix solutions are in use by more than 400,000 organizations including 98 percent of the Fortune 500.

CrowdStrike 

Attivo Networks has partnered with CrowdStrike to give organizations early and accurate in-network threat detection, better protection at the endpoint, and automated incident response to block and quarantine attackers before they spread. The joint solution improves security through the rapid detection of and response to an attacker’s attempts to move laterally across the network.  The partnership provides company-centric threat intelligence to improve defenses and elevate the organization’s security posture, reducing the time and resources required to detect threats, analyze attacks, and remediate infected endpoints.


Demisto

Attivo Networks® has partnered with Demisto, a Palo Alto Networks Company, to provide advanced security orchestration and incident management. With the joint solution, customers gain visibility into their environment and attack intelligence that the Attivo Networks ThreatDefend™ decoy systems collect and feed to Demisto.

Digital Defense

The Digital Defense Frontline.Cloud™ integration with Attivo Networks® identifies, in real-time, high-risk/critical assets with business context that are highly vulnerable to exploits, remain unpatched, are un-patchable or have already been infected. The integration with the Attivo Networks BOTsink® solution allows administrators to quickly and confidently make strategic decisions on where to dynamically deploy additional deception technology assets to enhance their deception deployment and further misdirect attackers. This gives organizations the advantage of time to detect, analyze, and stop an attacker even as their risk posture and critical assets change.

FireEye

Attivo Networks® has partnered with FireEye to provide advanced, real-time, in-network threat detection and improved automated incident response. With the joint solution, customers receive improved threat intelligence to isolate compromised systems based on suspicious activity. Organizations can reduce time and resources required to detect threats, analyze attacks, and to remediate infected endpoints, ultimately decreasing the organization’s risk of breaches and data loss.

ForeScout

Attivo Networks has partnered with ForeScout to deliver an integrated solution between the Attivo Networks Deception Platform and ForeScout CounterACT. This joint solution allows customers to detect threats in real-time, gather attack analysis and choose to manually or automatically block attackers and quarantine end-points based on suspicious activity. Additionally, the integration can be used for easy and centralized deployment of the Attivo Endpoint Suite.


Fortinet

Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network – today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. More than 280,000 customers worldwide trust Fortinet to protect their businesses.

Google

For organizations wanting to deploy Active Directory to the cloud, Google offers its Managed Service for AD on its Google Cloud Platform.  While the platform provides security for the infrastructure, the Attivo Networks ADSecure solution protects the data within AD to prevent cybercriminals from successfully reaching and compromising it without impacting production.


GoSecure Powered by CounterTack

The integration of the Attivo ThreatDefend Platform with GoSecure empowers organizations with an integrated and active defense platform. Together they provide effective endpoint control through policy and threat prevention, real-time detection of cyber attackers, and the ability to mitigate risks by instantly quarantining the infected endpoints.


IBM QRadar

Attivo Networks Deception and Response Platform integrates with IBM® QRadar®. IBM QRadar Security Intelligence Platform provides a unified architecture for integrating security information and event management (SIEM), log management, anomaly detection, incident forensics, incident response, and configuration and vulnerability management. It uses an advanced Sense Analytics Engine to detect advanced threats while providing greater ease of use and lower total cost of ownership.

 

IBM Security Resilient

Attivo Networks® has partnered with IBM® to provide advanced security orchestration and incident management through the Resilient SOAR platform. The solution gives customers visibility into their environment and threat intelligence from the Attivo Networks ThreatDefend® decoys that feed into the Resilient platform to automate security orchestration and incident response. The integration reduces the time and resources an organization requires to detect, identify, and respond to threats, thereby reducing the risk of a successful attack.

 

Juniper Networks

Attivo Networks provides a complementary line of defense to perimeter security solutions and detects cyber attacks that have bypassed all other security prevention solutions. Attivo dynamic deception provides detection of and visibility into BOTs and APTs that are in the network. Through integration, the BOTsink solution updates the Juniper Networks SRX Series Firewalls to quarantine infected nodes, dramatically reducing the time required for detection, quarantining, and remediation.

McAfee

Attivo Networks® has partnered with McAfee® to detect real-time in-network threats and to automate incident response by enabling the automated quarantine of infected endpoints, redirection of potentially malicious traffic, and threat intelligence sharing with other McAfee partners. The Attivo Networks ThreatDefend™ platform’s native integrations with McAfee ePolicy Orchestrator (ePO), Enterprise Security Manager (ESM) SIEM, and Network Security Platform (NSP) allow for an accelerated incident response. The integration in the Data Exchange Layer communication fabric provides a robust and efficient way to share rich forensic information across multiple solutions.

Microsoft

The Attivo Networks® integration with Microsoft further enhances detection and response for Azure IoT Edge with the ThreatDefend® platform. Since the intelligent edge is a prime target for attackers, Azure IoT Edge actively addresses these inherent risks by collaborating with innovative security companies such as Attivo who are effective at efficiently detecting attackers in these emerging environments. The integration provides customers a reliable way to quickly and confidently detect, redirect, and respond to in-network attackers.

Palo Alto Networks

Attivo Networks and Palo Alto Networks have teamed up with NextGen firewall and BOTsink deception server integration to provide early threat detection and the automatic blocking of attacks. With this integration, customers have the ability to detect in-network threats, analyze attacks, and automate incident response actions improving an organization’s defense against advanced threats. 


Quantea

The Quantea QP and PureInsight®, paired with Attivo’s BOTsink®, provide advanced, real-time, in-network threat detection and improved incident response. With the joint solution, customers receive improved threat intelligence to not only identify all affected nodes of compromised systems but also to uncover full network packet information and the propagation path of an attack. Organizations can reduce the time and resources required to detect threats, analyze attacks, and remediate infected endpoints, ultimately decreasing the organization’s risk of breaches and minimizing data loss.


ReversingLabs

Attivo Networks has partnered with ReversingLabs to provide advanced threat hunting and analysis capabilities. With the joint solution, customers obtain enriched data regarding files attackers use on decoy systems by leveraging ReversingLabs reputational services, malware hunting, and file analysis capabilities. Customers can reduce time and resources required to detect and identify threats, analyze malware, and to remediate infected endpoints, ultimately decreasing an organization’s risk of breaches and data loss.


ServiceNow

Attivo Networks® has partnered with ServiceNow to provide advanced, real-time, in-network threat detection and improved automated incident response.  With the joint solution, customers receive improved threat intelligence, with high fidelity alerts based on confirmed suspicious activity, that lets them initiate service tickets automatically.


SPLUNK

The Attivo Networks Deception and Response Platform™ integrates with Splunk®, which is well known for its log management capabilities and for its SIEM solutions. The integration provides the ability for the Attivo solution to query the SIEM for the use of deception credentials and for the solution to automatically push found attack information to the Splunk solution for improved threat prevention. The solution is also supported by the Splunk app.

 


SPLUNK PHANTOM

Attivo Networks® has partnered with Splunk® to provide advanced security orchestration and incident management through the Splunk Phantom platform.  With the joint solution, customers gain visibility into their environment and attack intelligence that the Attivo Networks ThreatDefend™ decoy systems collect and feed to Splunk Phantom.


Symantec

Attivo Networks® has partnered with Symantec to provide advanced, real-time, in-network threat detection and improved automated incident response. With the joint solution, customers receive improved threat intelligence to isolate compromised systems based on suspicious activity.


Tanium

Attivo Networks® has partnered with Tanium® to provide advanced, real-time, in-network threat detection, attack analysis, and improved automated incident response to block and quarantine infected endpoints. With the joint solution, customers can review alerts and the accompanying attack forensics and assign endpoint policies to automatically block and isolate systems deemed compromised.


ThreatConnect

Attivo Networks® has partnered with ThreatConnect® to provide advanced threat intelligence sharing and analysis capabilities. With the joint solution, customers gain visibility on attack information and threat intelligence that the ThreatDefend™ decoy systems collect and feed to ThreatConnect.


VirusTotal

Attivo Networks has partnered with VirusTotal to provide advanced threat intelligence sharing and analysis capabilities.  With the joint solution, customers gain visibility on attack information and threat intelligence from the Attivo Networks ThreatDefend™ decoy systems, which collect suspicious files that are then fed into VirusTotal for comprehensive analysis.

 
