Attivo Networks ThreatDefend Deception and Response Platform

Additional Info

Company: Attivo Networks
Website: https://attivonetworks.com
Company size (employees): 100 to 499
Type of solution: Hybrid

Overview

Attivo Networks® provides an Active Defense for the early detection of and response to threats targeting IoT networks and devices. With today's IoT devices outnumbering the human population, it is unreasonable to expect that every device can be found and secured 100% of the time. A new approach is needed, one that provides early detection of attackers seeking to compromise supervisory control servers or the devices themselves. The Attivo Networks ThreatDefend™ Platform provides a unique value in identifying the lateral movement of attackers within an organization's network. Organizations will also gain visibility into devices coming on and off the network, likely attack paths, and attack time-lapse replay so that they can understand configuration and credential vulnerabilities as well as the lateral movement of attacks. This information can then be used for attack prediction and strengthening security posture.

The platform is designed to efficiently detect all forms of attacks on IoT systems and is not reliant on known attack signatures, databases, or the need for agents to be installed on the device. Instead, Attivo provides deception decoys and lures so that customers can set up traps that look identical to IoT systems based on XMPP, CoAP, MQTT, HL7, and DICOM-based PACS servers in their networks. One example of device deception would be with Becton Dickinson insulin and drug infusion pumps. Attivo decoys are used to improve patient care on networks where the use of older, un-patchable operating systems has increased security risk.

Customized to appear as multiple forms of production IoT sensors and servers, the solution deceives the attacker into engaging and revealing themselves. Once the attacker is engaged, the attack can safely be studied, and alerts raised so that the attack is blocked. Automated attack analysis and detailed forensics reporting are provided to accelerate remediation and to prevent future attacks.
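The engagement-based detection described above works because nothing legitimate ever talks to a decoy, so any connection is reportable without a signature. The following is an added illustration of that principle, not Attivo's code and not part of this listing: a minimal MQTT broker decoy that parses whatever CONNECT packet it receives, records the client id and any credentials offered (useful for correlating with lures planted elsewhere), answers CONNACK to keep the session open, and emits a JSON alert. The decoy name, the sample client id "pump-7", and the sample credentials are constructed values.

```python
"""Minimal MQTT decoy (added example): every CONNECT it sees is an engagement alert."""
import json
import socketserver
import struct
import time

CONNECT = 0x10  # MQTT control packet type for CONNECT (high nibble of byte 0)


def _encode_varint(n):
    """Encode an MQTT 'remaining length' field (7 bits per byte, continuation bit 0x80)."""
    out = bytearray()
    while True:
        b = n % 128
        n //= 128
        if n:
            b |= 0x80
        out.append(b)
        if not n:
            return bytes(out)


def _read_varint(data, pos):
    """Decode a 'remaining length' varint starting at pos; returns (value, new_pos)."""
    value, mult = 0, 1
    while True:
        b = data[pos]
        pos += 1
        value += (b & 0x7F) * mult
        if not b & 0x80:
            return value, pos
        mult *= 128
        if mult > 128 ** 3:
            raise ValueError("malformed remaining length")


def _encode_string(s):
    """MQTT length-prefixed UTF-8 string."""
    b = s.encode("utf-8")
    return struct.pack("!H", len(b)) + b


def _read_string(data, pos):
    """Decode a length-prefixed string at pos; returns (text, new_pos)."""
    (n,) = struct.unpack_from("!H", data, pos)
    pos += 2
    return data[pos:pos + n].decode("utf-8", "replace"), pos + n


def build_connect(client_id, username=None, password=None, keepalive=60):
    """Build an MQTT 3.1.1 CONNECT packet; used here only to construct sample traffic."""
    flags = 0x02  # clean session
    payload = _encode_string(client_id)
    if username is not None:
        flags |= 0x80
        payload += _encode_string(username)
    if password is not None:
        flags |= 0x40
        payload += _encode_string(password)
    var_header = _encode_string("MQTT") + bytes([0x04, flags]) + struct.pack("!H", keepalive)
    body = var_header + payload
    return bytes([CONNECT]) + _encode_varint(len(body)) + body


def parse_connect(data):
    """Extract the CONNECT fields a decoy cares about; raise ValueError on anything else."""
    if not data or data[0] & 0xF0 != CONNECT:
        raise ValueError("not an MQTT CONNECT packet")
    remaining, pos = _read_varint(data, 1)
    if len(data) - pos < remaining:
        raise ValueError("truncated packet")
    proto, pos = _read_string(data, pos)
    level, flags = data[pos], data[pos + 1]
    pos += 2
    (keepalive,) = struct.unpack_from("!H", data, pos)
    pos += 2
    client_id, pos = _read_string(data, pos)
    info = {"protocol": proto, "level": level, "client_id": client_id, "keepalive": keepalive}
    if flags & 0x04:  # will flag set: skip will topic and will message
        _, pos = _read_string(data, pos)
        _, pos = _read_string(data, pos)
    if flags & 0x80:
        info["username"], pos = _read_string(data, pos)
    if flags & 0x40:
        info["password"], pos = _read_string(data, pos)
    return info


def decoy_alert(peer, packet, ts=None):
    """Turn one engagement with the decoy into an alert record (no signature needed)."""
    alert = {"ts": ts if ts is not None else time.time(), "decoy": "mqtt-broker",
             "src": peer[0], "src_port": peer[1]}
    try:
        info = parse_connect(packet)
        # A well-formed CONNECT, especially with credentials, is a high-fidelity hit.
        alert.update(kind="mqtt_connect", severity="high", **info)
    except (ValueError, struct.error, IndexError) as exc:
        # Anything else is still suspicious: nothing should be probing this port at all.
        alert.update(kind="non_mqtt_probe", severity="medium",
                     first_bytes=packet[:32].hex(), error=str(exc))
    return alert


class DecoyHandler(socketserver.BaseRequestHandler):
    def handle(self):
        self.request.settimeout(5)
        try:
            data = self.request.recv(4096)
        except OSError:
            return
        print(json.dumps(decoy_alert(self.client_address, data)))
        self.request.sendall(b"\x20\x02\x00\x00")  # CONNACK: accepted, keeps the session engaged


def run_decoy(host="0.0.0.0", port=1883):
    """Listen as a fake broker; call this from a real deployment, not from the demo below."""
    with socketserver.ThreadingTCPServer((host, port), DecoyHandler) as srv:
        srv.serve_forever()


if __name__ == "__main__":
    # Offline demonstration on a constructed CONNECT from a constructed source address.
    sample = build_connect("pump-7", "admin", "admin123")
    print(json.dumps(decoy_alert(("203.0.113.5", 51234), sample), indent=2))
```

Run as-is it only prints the alert for the constructed packet; call run_decoy() on an otherwise unused port to listen. The point to take from it is the one the platform overview makes: the alert carries the source, the client id and the credentials the attacker presented, and it fires on engagement alone, so there is no signature to maintain and no agent on the real devices.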

How we are different

• Attivo Networks is unique in that it provides all forms of deception including endpoint, network, application, services, and data. The company's ThreatDefend platform also goes further than others in not only reducing attacker dwell time but improving mean time to respond with a built-in attack analysis engine and extensive native integrations (30+) that empower automated incident response and attack information sharing. Attivo Networks is also unique in that it is the only company to cover all attack surfaces including data centers, cloud, user networks, remote office, IoT, ICS, POS, medical IoT, network, and telecommunications infrastructure. In addition, Attivo technology is not inline and doesn't require an agent to deploy on the endpoint. Given its design, the solution is highly scalable and can cross multiple VLANs. There are NO VLAN limitations and the technology supports next-generation serverless data centers. Attivo is customer-proven in large global and midmarket deployments and has deployed millions of endpoint deception solutions.
• Attivo Networks provides the highest levels of mirror-match authenticity with over 50 out-of-the-box operating systems, applications, and services to choose from. Additionally, an organization can run its own golden-image production software for the greatest levels of authenticity. Machine learning is then applied to automatically generate deception campaigns, automate deployment, and provide automated operations. It makes managing deception exceptionally simple while maintaining freshness and authenticity. Additionally, Attivo credentials can validate in Active Directory and DNS so that the attacker cannot tell real from fake credentials or decoys.
• Attivo Networks is the only provider with its own built-in attack and malware analysis engine. This is used to automatically correlate, report, and automate incident response based upon captured attack information. Substantiating alerts based on attacker engagement removes false positives and makes response actionable, as all the information is provided to efficiently block, quarantine, and threat hunt.