Attivo Networks ThreatDefend Platform

Company (that provides the nominated product / solution / service): Attivo Networks
Company size (employees): 100 to 499
Type of solution: Hybrid

In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:

The Attivo ThreatDefend Platform deserves this recognition because it can efficiently disrupt and derail a ransomware attack in a way that no other security solution can.
• The ThreatDefend Platform protects against Active Directory enumeration and denies attackers from gaining the domain control required to distribute ransomware infections. It also derails ransomware by hiding files, folders, AD objects, local admin accounts, mapped network and cloud shares, and removable drives so attackers can’t find the data or access it for encryption or data theft.
• The ThreatDefend Platform slows a ransomware attack by occupying it with high-interaction deception techniques and by detecting credential theft and attempted enumeration of local administrator accounts and Active Directory for privilege escalation.
• The ThreatDefend Platform immediately notifies the security teams of exposed credentials, stale sessions, shadow admins and service accounts, and misconfigurations that an attacker can leverage for lateral movement and facilitates automatic remediation before attackers can take advantage of them.

Brief Overview

An infected host with access to important files or a compromised domain controller can cause significant damage before an organization recognizes the situation. Mitigation and remediation after a ransomware attack can be time-consuming and expensive, which makes prevention, early detection, and slowing an attacker’s progress before extensive damage is done a priority.
Additionally, human-operated attacks, aka Ransomware 2.0, use APT-style tactics designed to bypass traditional security controls. These threat actors often use the first system they compromise not as a target for encryption but as a beachhead into the network, from which they conduct network discovery, probe Active Directory, move laterally, and identify high-value assets to target.
Traditional endpoint solutions (EPP/EDR) use signature matching or behavioral anomaly detection to identify malicious binaries and block ransomware execution to stop the infection. Unfortunately, human attackers using advanced methods can evade these solutions, so it is critical to detect based on techniques rather than signatures or hashes. The Attivo ThreatDefend Platform detects the techniques that attackers use to break out of an endpoint and move laterally. By derailing lateral movement, organizations can disrupt ransomware attacks and limit their damage.
Attivo provides five primary methods to reduce ransomware attack risk and prevent its spread. Together they stop infections by accurately detecting in-network threats and the techniques criminals employ to escalate an attack:
• Detects credential theft and attempts to enumerate local administrator accounts and Active Directory for privilege escalation
• Prevents attackers from seeing or exploiting production files, folders, removable disks, network shares, and cloud storage
• Detects attempts to exploit and encrypt decoy file shares
• Slows an attack by distracting it with high-interaction deception techniques
• Provides native integrations that deliver automated isolation and reduce response time