- Company (that provides the nominated product / solution / service): Attivo Networks
- Website: https://attivonetworks.com/
- Company size (employees): Less than 100
- Country: United States
- Type of solution: Software
- Approximate number of users worldwide: Over 200 organizations have engaged with the solution since it was introduced a year ago. Paying customers are 50% F1000. If we include endpoint deception deployment, users could be in the 1000s.
In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:
• Deception is playing a critical role in providing real-time visibility and detection of inside the network threats. The Attivo Deception Platform deserves recognition because it provides the most comprehensive and efficient solution for inside the network threat detection. It also provides the next and sometimes final line of defense when all other security systems have failed.
• The Attivo Networks Dynamic Deception Platform provides the most authentic deceptions by running real operating systems and fully customizable services, making it indistinguishable from company servers and medical or industrial devices, and by offering the ability to make the entire network a trap with decoys, server and end-point deceptions. Additionally, the Attivo solution easily scales to detect threats in user networks, data centers, cloud and SCADA environments.
• The Attivo Deception Platform does not stop at detection alone. The Attivo AMR engine will trap a BOT or APT and run full TTP forensics so that the methods and attack information can be catalogued and analyzed in a threat intelligence dashboard, and passed to prevention systems to shut down current and prevent future attacks. Attivo provides 3rd party SIEM and infrastructure integrations to share threat intelligence, block and quarantine attackers, and thwart the efforts of attackers. With fewer than 30 minutes of setup, customers can gain visibility into threats inside the network and, with the high-fidelity alerts and reporting, are easily able to run the deception platform without needing to add highly skilled resources. Many customers will also feed attack information found by prevention solutions for additional analysis and forensic information on an attacker.
The world has accepted that there is not a 100% reliable way to prevent threats from getting inside the network. There were over 600 breaches reported last year and over 700 million records exposed. Organizations are now seeking efficient ways to gain visibility into threats that are inside their networks before the attacker can complete their mission.
Attivo provides highly efficient and effective deception for threat detection and addresses the gaps left by even the best-in-class security solutions.
• Prevention systems are designed to look for known signatures and attack patterns. This lets things like zero-day attacks or the 14 new strains of malware that are created every minute slip through.
• Prevention systems can’t reliably detect and analyze stolen credential, phishing, and ransomware attacks. They are also not designed to detect insider threats.
• Monitoring systems require network integration and must monitor all traffic. These systems are also looking to identify known attack sequences or signatures so they generate false positives and need experienced professionals to analyze the data.
• Deception is not reliant on signatures or attack patterns and uses deception to deceive, misdirect, and detect an attacker. This makes it very effective to detect zero day attacks, insider threats, ransomware attacks and the lateral movement of BOTs and APTs.
• Attivo is not inline so it can be deployed in under 30 minutes. It is also highly scalable for the largest of data centers and global deployments.
• Attivo does not stop with detection. The Attivo analysis engine creates a complete attack analysis that generates only substantiated alerts, can be viewed in a threat intelligence dashboard and can generate reports to update SIEM, firewall and other prevention devices to block and quarantine an attacker.