OVERVIEW

The best protection against cybersecurity attackers is an adaptive security defense, in which prevention, detection, and response systems work together to provide early detection, continuous threat management, and accelerated response. Attivo works actively with industry-leading providers of firewall, NAC, SIEM, and malware database solutions to share attack information and reduce the complexity and time associated with dealing with cyber threats. Below is a list of our integration and strategic go-to-market partners that are working together to bring these integrated solutions to markets across the globe.

Integration Partners

Amazon Web Services

Attivo Networks provides the industry’s first globally scalable deception technology solution that detects inside-the-network threats across enterprise, private and public clouds. The Attivo BOTsink platform efficiently detects threats within all network and Amazon Web Services data center environments with the Attivo Central Manager providing universal control and centralization of threat intelligence for its global BOTsink deployments.

Aruba, a Hewlett Packard Enterprise Company

Attivo Networks has partnered with Aruba, a Hewlett Packard Enterprise company, to deliver a highly scalable network access solution integrating the Attivo Networks Deception Platform and the Aruba ClearPass platform. This integration provides customers with the ability to identify users and devices on wired and wireless networks, detect threats in real time, gather attack analysis, and automatically remediate suspect devices based on intent, regardless of user role or device type.

Carbon Black

Attivo Networks has partnered with Carbon Black to provide organizations early detection of in-network threats, automated response actions based on deception server engagement, and the ability to query Carbon Black servers for additional forensic artifacts on other infected systems. The integrated solution, which includes the Attivo Deception and Response Platform and the Carbon Black Platform, will provide organizations an advanced level of visibility and improve overall threat management operations by simplifying information sharing and automating incident response actions.

Check Point Software Technologies Ltd. 

Attivo Networks has partnered with Check Point Software Technologies Ltd. to deliver an integrated solution between the Attivo Deception Platform and the Check Point R80 that empowers continuous threat management using dynamic deceptions for real-time detection and analysis and enables accelerated response to cyber incidents. Detailed attack forensics shared automatically with the Check Point Firewall allow prompt blocking to prevent exfiltration of data.

Cisco

Information sharing and the automation of incident response, for blocking and quarantining an active attack, can dramatically reduce the risk and impact of a potential breach. Attivo Networks deception technology allows for the real-time detection and identification of reconnaissance activities and early lateral movement infections that are often the first step in a sophisticated breach strategy. Configuring BOTsink engagement servers to integrate with the Cisco pxGrid, ISE, and ASA delivers an effective and efficient solution for early threat detection, prompt incident response, and the derailing of cyberattacks. Together, Attivo Networks and Cisco Systems can increase network defenses in an operationally efficient manner.

Demisto

Attivo Networks® has partnered with Demisto, a Palo Alto Networks Company, to provide advanced security orchestration and incident management. With the joint solution, customers gain visibility into their environment and attack intelligence that the Attivo Networks ThreatDefend™ decoy systems collect and feed to Demisto.

Digital Defense

The Digital Defense Frontline.Cloud™ integration with Attivo Networks® identifies high-risk/critical assets with business context that are highly vulnerable to exploits, remain unpatched, are un-patchable or have already been infected in real-time. The integration with the Attivo Networks BOTsink® solution allows administrators to quickly and confidently make strategic decisions on where to dynamically deploy additional deception technology assets to enhance their deception deployment and further misdirect attackers. This gives organizations the advantage of time to detect, analyze, and stop an attacker even as their risk posture and critical assets change.

FireEye

Attivo Networks® has partnered with FireEye to provide advanced, real-time, in-network threat detection and improved automated incident response. With the joint solution, customers receive improved threat intelligence to isolate compromised systems based on suspicious activity. Organizations can reduce time and resources required to detect threats, analyze attacks, and to remediate infected endpoints, ultimately decreasing the organization’s risk of breaches and data loss.

ForeScout

Attivo Networks has partnered with ForeScout to deliver an integrated solution between the Attivo Networks Deception Platform and ForeScout CounterACT. This joint solution allows customers to detect threats in real-time, gather attack analysis and choose to manually or automatically block attackers and quarantine end-points based on suspicious activity. Additionally, the integration can be used for easy and centralized deployment of the Attivo Endpoint Suite.

Fortinet

Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network – today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. More than 280,000 customers worldwide trust Fortinet to protect their businesses.

GoSecure Powered by CounterTack

The integration of the Attivo ThreatDefend Platform with GoSecure empowers organizations with an integrated and active defense platform. Together they provide effective endpoint control through policy and threat prevention, real-time detection of cyber attackers, and the ability to mitigate risks by instantly quarantining the infected endpoints.

IBM

The Attivo Networks Deception and Response Platform integrates with IBM® QRadar®. IBM QRadar Security Intelligence Platform provides a unified architecture for integrating security information and event management (SIEM), log management, anomaly detection, incident forensics, incident response, and configuration and vulnerability management. It uses an advanced Sense Analytics Engine to detect advanced threats while providing greater ease of use and lower total cost of ownership.

Juniper Networks

Attivo Networks provides a complementary line of defense to perimeter security solutions and detects cyber attacks that have bypassed all other security prevention solutions. Attivo dynamic deception provides detection of and visibility into BOTs and APTs that are in the network. Through integration, the BOTsink solution updates the Juniper Networks SRX Series Firewalls to quarantine infected nodes, dramatically reducing the time required for detection, quarantining, and remediation.

McAfee

Attivo Networks® has partnered with McAfee® to detect real-time in-network threats and to automate incident response by enabling the automated quarantine of infected endpoints, redirection of potentially malicious traffic, and threat intelligence sharing with other McAfee partners. The Attivo Networks ThreatDefend™ platform’s native integrations with McAfee ePolicy Orchestrator (ePO), Enterprise Security Manager (ESM) SIEM, and Network Security Platform (NSP) allow for an accelerated incident response. The integration in the Data Exchange Layer communication fabric provides a robust and efficient way to share rich forensic information across multiple solutions.

Palo Alto Networks

Attivo Networks and Palo Alto Networks have teamed up with NextGen firewall and BOTsink deception server integration to provide early threat detection and the automatic blocking of attacks. With this integration, customers have the ability to detect in-network threats, analyze attacks, and automate incident response actions, improving an organization’s defense against advanced threats.

ReversingLabs

Attivo Networks has partnered with ReversingLabs to provide advanced threat hunting and analysis capabilities. With the joint solution, customers obtain enriched data regarding files attackers use on decoy systems by leveraging ReversingLabs reputational services, malware hunting, and file analysis capabilities. Customers can reduce time and resources required to detect and identify threats, analyze malware, and to remediate infected endpoints, ultimately decreasing an organization’s risk of breaches and data loss.

ServiceNow

Attivo Networks® has partnered with ServiceNow to provide advanced, real-time, in-network threat detection and improved automated incident response. With the joint solution, customers receive improved threat intelligence, with high fidelity alerts based on confirmed suspicious activity, that lets them initiate service tickets automatically.

Splunk

The Attivo Networks Deception and Response Platform™ integrates with Splunk®, which is well known for its log management capabilities and for its SIEM solutions. The integration lets the Attivo solution query the SIEM for the use of deception credentials and automatically push the attack information it finds to the Splunk solution for improved threat prevention. The solution is also supported by the Splunk app.

Splunk Phantom

Attivo Networks® has partnered with Splunk® to provide advanced security orchestration and incident management through the Splunk Phantom platform. With the joint solution, customers gain visibility into their environment and attack intelligence that the Attivo Networks ThreatDefend™ decoy systems collect and feed to Splunk Phantom.

Symantec

Attivo Networks® has partnered with Symantec to provide advanced, real-time, in-network threat detection and improved automated incident response. With the joint solution, customers receive improved threat intelligence to isolate compromised systems based on suspicious activity.

Tanium

Attivo Networks® has partnered with Tanium® to provide advanced, real-time, in-network threat detection, attack analysis, and improved automated incident response to block and quarantine infected endpoints. With the joint solution, customers can review alerts and the accompanying attack forensics and assign endpoint policies to automatically block and isolate systems deemed compromised.

ThreatConnect

Attivo Networks® has partnered with ThreatConnect® to provide advanced threat intelligence sharing and analysis capabilities. With the joint solution, customers gain visibility on attack information and threat intelligence that the ThreatDefend™ decoy systems collect and feed to ThreatConnect.

VirusTotal

Attivo Networks has partnered with VirusTotal to provide advanced threat intelligence sharing and analysis capabilities. With the joint solution, customers gain visibility on attack information and threat intelligence from the Attivo Networks ThreatDefend™ decoy systems, which collect suspicious files that are then fed into VirusTotal for comprehensive analysis.