Attivo Networks Endpoint Detection Net (EDN) Suite


Additional Info

Company (that provides the nominated product / solution / service): Attivo Networks
Company size (employees): 100 to 499
Type of solution: Software

In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:

• The Attivo Networks Endpoint Detection Net (EDN) suite ups the game against advanced attackers, preventing them from breaking out, moving laterally, or escalating privileges from an infected endpoint. Every endpoint essentially becomes weaponized and is now active in disrupting an attacker’s attempts to break out and advance their attack. Gartner Peer Insights gives this technology a 5 out of 5 star rating.

• It would be incorrect to compare this solution with EDR technology or to use it as a replacement. It is, in fact, not competitive but complementary to these solutions, because EDR solutions focus on preventing the initial compromise, while the EDN suite focuses on credential access, discovery, lateral movement, and collection. These protections are not provided by EDR vendors, and Attivo is a strong technology and GTM partner with vendors like SentinelOne, McAfee, FireEye, CrowdStrike, and others. For example, the EDN suite brings value in its detection of credential theft and privilege escalation activities and by preventing attacks by hiding the data the attacker is seeking. It works by concealing the real files, folders, and mapped shares from attackers and denying them access. The EDN suite can also act as a deterrent against APT tactics by detecting AD reconnaissance activities and port scanning as attackers seek vulnerabilities to compromise.

• The suite’s extensive capabilities include credential cloaking; detection of credential theft, Active Directory enumeration, man-in-the-middle attacks, and network asset discovery; deceptive credentials for misdirection; port scanning detection and redirection; and cloaking of files, folders, mapped network and cloud shares, and removable drives from attackers. In addition, attack path visibility functionality shows exposures that create attack paths. It can also detect exposed credentials and shadow admins. This and automated remediation are unique to Attivo.

Brief Overview

The Attivo Networks® Endpoint Detection Net (EDN) suite is a must-have security companion to endpoint EPP and EDR solutions. Its purpose is different: it specifically prevents attackers from moving laterally using identity-based and reconnaissance tactics. Put simply, EPP and EDR prevent attackers from getting onto the endpoint, while EDN prevents the attackers from breaking out by disrupting lateral movement, credential theft, and privilege escalation.

The EDN suite provides exceptional endpoint threat visibility with novel prevention capabilities and accurate detection alerts. It is highly effective for insider (employees, contractors, suppliers) and external attacker activity, and organizations benefit from time, energy, and cost savings. Businesses and governments use this technology to prevent advanced attacks, dramatically benefiting from visibility to attackers and derailing lateral movement.

Target markets are organizations of all sizes, including business, education, and government.

The EDN suite boosts EDR detections by ~42% (MITRE DIY APT testing) while reducing dwell time by up to 90%+. It achieves this by preventing and detecting lateral movement, credential theft, and privilege escalation, essentially turning every endpoint into a decoy trap!

• Cloaks (hides and denies access to) real credentials while providing fake credentials and lures to detect user, cloud, and SaaS credential theft, and alerts on their attempted use as well as on the use of local admin credentials for privilege escalation
• Binds credentials to applications, preventing imposter access
• Detects unauthorized Active Directory queries from endpoints and returns fake AD information to misdirect attacks into decoys
• Prevents ransomware by hiding and denying access to data and preventing attackers from exploiting local files, accounts, and storage locations
• Detects port scanning and misdirects activity to decoys that appear as production services. Can isolate inbound and outbound traffic to decoys for native quarantine
• Shows lateral attack paths to reduce the at-risk attack surface