Attivo Networks ThreatDefend Deception and Response Platform

Additional Info

Company: Attivo Networks
Website: https://attivonetworks.com
Company size (employees): 100 to 499
Type of solution: Hybrid

Overview

A day doesn’t go by without finding an article on the impending threat to the energy sector and a country’s critical control operations. The National Cybersecurity & Communications Integration Center even produced a report on 7/25/18 on Russian Activity Against Critical Infrastructure. The risk of an industrial control systems attack can be as high-profile as an attack on the energy grid, or can be found in less obvious places like universities, casinos, and even sports centers, which often operate with infrastructure similar to that of a small city. Based on its deception successes, Attivo has had numerous discussions with enterprise, education, and government agencies on how to improve the state of cyber detection within ICS-SCADA environments. Attivo has also worked with these organizations on deploying threat deception and on how they can apply deception to their NIST 800-82 Revision 2 requirements in order to strengthen their overall security posture and comply with security expectations and regulation.

Adoption of the ThreatDefend™ platform for ICS-SCADA environments continues to soar based upon its unique ability to provide early detection and accelerate incident response. The solution is designed for threat detection on ICS-SCADA devices used to monitor and control manufacturing operations and critical infrastructure across a wide variety of industries. The ThreatDefend™ BOTsink solution creates mirror-match decoys so that customers gain early and accurate threat detection for businesses, process controls, and field sensors. The solution provides a powerful detection control for insiders, external, and third-party threats as they attempt to move laterally through the network.

Regardless of the attack’s origin (a phishing email, a USB device, or another point of access), the deception platform sets traps and provides the visibility required to quickly detect and block an attack. The platform also gathers full forensics and automates attack analysis for accelerated incident response.

How we are different

• Attivo Networks is unique in that it provides all forms of deception, including endpoint, network, application, services, and data. The company’s ThreatDefend platform also goes further than others in not only reducing attacker dwell time but improving mean time to respond, with a built-in attack analysis engine and extensive native integrations (30+) that empower automated incident response and attack information sharing. Attivo Networks is also unique in that it is the only company to cover all attack surfaces, including data centers, cloud, user networks, remote office, IoT, ICS, POS, medical IoT, network, and telecommunications infrastructure. In addition, Attivo technology is not inline and does not require an agent on the endpoint. Given its design, the solution is highly scalable and can cross multiple VLANs. There are no VLAN limitations, and the technology supports next-generation serverless data centers. Attivo is customer-proven in large global deployments and the midmarket, and has deployed millions of endpoint deception solutions.
• Attivo Networks provides the highest levels of mirror-match authenticity, with more than 50 out-of-the-box operating systems, applications, and services to choose from. Additionally, an organization can run its own golden-image production software for the greatest level of authenticity. Machine learning is then applied to automatically generate deception campaigns, automate deployment, and provide automated operations. It makes managing deception exceptionally simple while maintaining freshness and authenticity. Additionally, Attivo credentials can validate in Active Directory and DNS, so that the attacker cannot tell real from fake credentials or decoys.
• Attivo Networks is the only provider with its own built-in attack and malware analysis engine. This is used to automatically correlate, report, and automate incident response based upon captured attack information. Substantiating alerts based on attacker engagement removes false positives and makes response actionable, as all the information is provided to efficiently block, quarantine, and threat hunt.