Attivo Networks ThreatDefend Deception and Response Platform

Promote this Nomination

Additional Info

Company (that provides the nominated product / solution / service)Attivo Networks
Company size (employees)100 to 499
Type of solutionHybrid

In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:

•Attivo Networks is unique in that it provides all forms of deception including endpoint, network, application, services, and data. The company’s ThreatDefend platform also goes further than others in not only reducing attacker dwell time but improving mean time to respond with a built-in attack analysis engine and extensive native integrations (30+) that empower automated incident response and attack information sharing. Attivo Networks is also unique in that it is the only company to cover all attack surfaces including data centers, cloud, user networks, remote office, IOT, ICS, POS, Medical IOT, network, and telecommunications infrastructure. In addition, Attivo technology is not inline and doesn’t require an agent to deploy on the endpoint. Given its design, the solution is highly scalable and can cross multiple VLANs. There are NO VLAN limitations and the technology supports next-generation serverless data centers. Attivo is customer-proven in large global deployments, midmarket, and has deployed millions of endpoint deception solutions deployed.
•Attivo Networks provides the highest levels of mirror-match authenticity with over 50+ out of the box operating systems, applications, and services to choose from. Additionally, an organization can run its own golden image production software for the greatest levels of authenticity. Machine-learning is then applied to automatically generate deception campaigns, automate deployment, and provide automated operations. It makes managing deception exceptionally simple while maintaining freshness and authenticity. Additionally, Attivo credentials can validate in Active Directory and DNS so that the attacker cannot tell real from fake credentials or decoys.
•Attivo Networks is the only provider with its own built-in attack and malware analysis engine. This is used to automatically correlate, report, and automate incident response based upon captured attack information. Substantiating alerts based on attacker engagement removes false positives and makes response actionable as all the information is provided to efficiently block, quarantine, and threat hunt.

Brief Overview

Attivo Networks® deserves this award recognition for its innovative approach to an Active Defense that’s based upon deception for early attack detection and threat-, adversary-, and counter-intelligence to accelerate and automate incident response.

The Attivo ThreatDefend platform starts with deception, providing eyes-in-the-network visibility to threats that have bypassed perimeter security controls. Decoys that appear identical to production assets (OS, application, services, network characteristics) and credential lures with breadcrumbs work in sync to attract attackers during lateral movement, reconnaissance, and credential theft. Upon attacker engagement or use of deception bait, a high-fidelity alert is raised and attacker’s movements for deep analysis and forensics are recorded. Organizations can automatically block and isolate threats immediately or opt to collect additional adversary intelligence within the safety of the deception environment. The platform uses high-interaction deception to capture all attack activity, including TTPs and IOCs and can show time-lapsed attack replays.

Attivo also provides complete counterintelligence capabilities through DecoyDocs, deceptive data loss tracking (DLT) documents that generate detection and geolocation alerts when stolen and opened. Collectively, this gives the SOC team a thorough understanding of attacker capabilities, goals, and motivation – while attackers think that they are escalating the attack. Organizations can then take this intelligence and use it to strengthen their overall security posture and/or turn over to law enforcement.

Security teams are also finding tremendous value in deception for “silent” threat hunting. Post-compromise, this allows teams to strategically place deception to determine if threats are eradicated and to set additional traps in the event the attacker tries to return. On average, an attacker has 100 days in which to discover your systems, harvest data, review files, modifying data sets, exfiltration… Anything and everything they need to return. Deception can promptly alert you if they do.