Attivo Networks ThreatDefend Platform™

Problems it solves

Risk of attacks by hackers

Risk of data loss or damage

Risk of lost access to data and IT systems

Non-compliant with IT security requirements

High costs

Values

Reduce Costs

Ensure Security and Business Continuity

ThreatDefend Platform™ is Deception Technology for early post-compromise threat detection and accelerated incident response.

Description

Threat Deception Technology to Detect Threats Early, Accurately & Efficiently

The ThreatDefend Deception Platform is a modular solution comprised of Attivo BOTsink® engagement servers, decoys, and deceptions, the ThreatStrike™ endpoint deception suite, ThreatPath™ for attack path visibility, ThreatOps™ incident response orchestration playbooks, and the Attivo Central Manager (ACM), which together create a comprehensive early detection and active defense against cyber threats.

WHY CUSTOMERS CHOOSE THREAT DECEPTION

  • EARLY WARNING SYSTEM
  • ACTIONABLE ALERTS
  • EASY TO DEPLOY
  • LOW MAINTENANCE
  • STRENGTHENS DEFENSES

DETECT KNOWN & UNKNOWN ATTACKS

Not reliant on signatures or pattern matching, the Attivo ThreatDefend solution accurately detects in-network reconnaissance, credential theft, Man-in-the-Middle attacks, and lateral movement of threats that other security controls miss.

EARLY & ACCURATE DETECTION

Threat deception provides early detection of external, insider, and 3rd party attacks. Achieve real-time threat detection of reconnaissance and credential theft activities as attackers are deceived into engaging with decoys, deception lures, and bait designed to entice hackers into revealing themselves.

NO ALERT FATIGUE FROM FALSE POSITIVES

High-fidelity alerts are raised based upon attacker decoy engagement or deception credential reuse. Each alert is substantiated with rich threat intelligence and is actionable, removing false positive and noisy alerts that distract from the prompt incident response of real threats.

NOT RESOURCE INTENSIVE

Easy to deploy and operate, the Attivo solution is designed to be low maintenance. Deployment is in hours and doesn’t require highly skilled employees or in-depth resources for ongoing operations. Machine learning, automated analysis, and incident response empower quick remediation.

CAMOUFLAGE

Realistic deception is key to deceiving attackers into engaging. Dynamic deception provides authenticity and deception campaigns for self-learning deployment and refresh.

Authenticity

  • Customized using real OS and services to match production assets
  • Credential validation with Active Directory
  • High-interaction engagement

Machine-Learning

  • Self-learning of the environment generates deception campaigns
  • Campaigns can be deployed on demand for environment refresh
  • Allows automated refresh to spin up deception or avoid fingerprinting

Easy Operations

  • Simplify deployment with automated campaign proposals
  • Easy operations with automated refresh
  • Choice of on demand or automated campaign deployment

FEATURES

ThreatDefend is a comprehensive, scalable detection platform designed for the early detection of external threat actors and insiders (employees, suppliers, contractors) and for accelerating incident response.

IN-NETWORK THREAT DETECTION

Early endpoint, network, application, and data post-compromise threat detection.

ATTACK SURFACE SCALABILITY

Deception for evolving attack surface: data centers, cloud, user networks, remote office, specialty networks.

EASY DEPLOYMENT & OPERATIONS

Flexible deployment options and machine-learning for ongoing campaign authenticity and refresh.

SUBSTANTIATED ALERTS & FORENSICS

Actionable alerts from attacker engagement or credential reuse. Full forensics for actionable response.

ATTACK ANALYSIS

Automated attack analysis and correlation improves time-to-remediation.

THREAT INTELLIGENCE

High interaction attacker engagement and DecoyDocs produce threat, adversary, and counterintelligence.

ACCELERATED INCIDENT RESPONSE

Extensive 3rd party automations accelerate incident response to block, isolate, and threat hunt.

ATTACK PATH VULNERABILITY ASSESSMENT

Understand attack path vulnerabilities based on exposed credentials and misconfigurations.

VISIBILITY & ATTACK MAPS

Topographical maps for network visualization and time-lapsed attack replay.