Attivo Networks ThreatDefend Platform

Additional Info

Company: Attivo Networks
Company size (employees): 100 to 499
Type of solution: Software


The Attivo Networks cloud security solutions take a different approach to security: they turn the tables on attackers and learn from their actions as they try to infiltrate. The solutions are designed to be easy and efficient to operate in the cloud, with automated deception preparation and deployment, high-fidelity alerts, threat intelligence sharing with other SOC tools, and accelerated incident response. The ThreatDefend platform, which includes the BOTsink server and the IDEntitleX solution, scales with the evolution of cloud environments and expanding enterprise infrastructure without draining resources, worsening alert fatigue, or disrupting the networked environment.

The Attivo BOTsink solution stands guard inside the network, using high-interaction deception and decoy technology to lure attackers into engaging and revealing themselves. Through attack misdirection, organizations gain the advantage of time to detect, analyze, and stop attackers.

Unlike other solutions, the Attivo BOTsink solution projects fully customizable, full-OS decoys with which adversaries can interact, including native cloud technology decoys such as storage buckets, serverless functions, and more. The decoys record all attacker activity while keeping the attacker engaged far longer than a typical emulated honeypot would, yielding detailed information and evidence to support investigations and to develop adversary intelligence.

The IDEntitleX solution reduces cloud identity risk by providing security teams with a unified view of identities and exposures across the organization to address entitlement provisioning challenges while maintaining operational effectiveness. It includes multi-cloud support for AWS and Azure and provides detailed entitlement visibility for users, applications, virtual machines, containers, serverless functions, storage buckets, and other objects attackers target.

The solution expands upon Attivo’s expertise in preventing privilege escalation and lateral movement. It is part of Attivo’s Identity Detection and Response (IDR) product line, which stops attackers from targeting human and non-human identities alike.

How we are different

The ThreatDefend platform is unlike any other cloud-based solution. It provides engagement-based alerting and deep adversary intelligence to determine root cause quickly and reduce mean time to remediation. The platform's decoys and lures deliver comprehensive coverage of containers, serverless functions, access management, and the cloud shared-responsibility model.

Benefits include:
• Customer-proven cloud scalability: Attivo has many multi-country on-premises and cloud-based installs and millions of endpoint deception deployments
• The most comprehensive deception with accurate threat detection for all attack vectors and ubiquitous attack surface coverage, including public, private, and hybrid cloud environments
• Supports multi-cloud environments for AWS, Google, Azure, and Oracle – decoy storage buckets, deceptive credentials, serverless functions, IAM Access Keys/Tokens, SSH keys, containers, DNS entries, and CloudWatch and CloudTrail monitoring
• Highest levels of authenticity to misdirect and reveal in-network attackers – each deception is wholly customized, so attackers cannot decipher real from fake.
• Streamlined deployment and management with machine learning capabilities that propose customized deception campaigns and refresh deceptive assets
• Built-in attack analysis engine (unique to Attivo) generates high-fidelity alerts with in-depth threat and adversary intelligence, including TTPs, IOCs, and counterintelligence from DecoyDocs
• 30+ native integrations, Informer forensics, and ThreatOps repeatable playbooks automate incident response (blocking, isolation, hunting).
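The decoy IAM access keys and CloudTrail monitoring listed above rest on a simple property: CloudTrail records the key ID that signed each API request in userIdentity.accessKeyId, and a planted key is never used by legitimate automation, so any record carrying it is an engagement by definition. The following Python, added here as an illustrative example and not Attivo's code, applies that check to a constructed sample of CloudTrail records; the key IDs are AWS documentation placeholders, and the "planted at" locations are assumptions.

```python
from __future__ import annotations

import json
from typing import Iterable

# Constructed for this example: access key IDs that were planted as decoys
# (for instance in a decoy ~/.aws/credentials file on an endpoint or in a
# document in a decoy bucket). These are AWS documentation placeholder IDs,
# not real keys, and the plant locations are assumed.
DECOY_ACCESS_KEY_IDS = {
    "AKIAIOSFODNN7EXAMPLE": "~/.aws/credentials on ci-runner-3 (decoy)",
    "AKIAI44QH8DHBEXAMPLE": "backup-notes.txt in bucket decoy-finance-archive",
}


def decoy_key_alerts(records: Iterable[dict]) -> list[dict]:
    """Return one alert per CloudTrail record whose caller used a decoy key.

    CloudTrail stores the signing key in userIdentity.accessKeyId. Because a
    decoy key has no legitimate consumer, every hit is a high-fidelity alert;
    there is no baseline to learn and nothing to tune.
    """
    alerts = []
    for rec in records:
        key_id = rec.get("userIdentity", {}).get("accessKeyId")
        if key_id not in DECOY_ACCESS_KEY_IDS:
            continue
        alerts.append({
            "time": rec.get("eventTime"),
            "access_key_id": key_id,
            "planted_at": DECOY_ACCESS_KEY_IDS[key_id],
            "api_call": f"{rec.get('eventSource')}:{rec.get('eventName')}",
            "source_ip": rec.get("sourceIPAddress"),
            "user_agent": rec.get("userAgent"),
            # A failed call (e.g. AccessDenied) still matters: the attacker
            # holds the key and is probing what it can do.
            "error": rec.get("errorCode"),
        })
    return alerts


def alerts_from_cloudtrail_json(text: str) -> list[dict]:
    """Parse a CloudTrail log file body ({"Records": [...]}) and scan it."""
    return decoy_key_alerts(json.loads(text).get("Records", []))


# Constructed sample in CloudTrail's file format: one legitimate call from an
# internal host, then two calls with a decoy key from an external address.
SAMPLE_CLOUDTRAIL = """{"Records": [
  {"eventTime": "2024-03-05T10:14:02Z", "eventSource": "ec2.amazonaws.com",
   "eventName": "DescribeInstances", "awsRegion": "us-east-1",
   "sourceIPAddress": "10.20.30.40", "userAgent": "aws-cli/2.15.0",
   "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLELEGIT0001",
                    "userName": "ops-automation"}},
  {"eventTime": "2024-03-05T10:21:47Z", "eventSource": "sts.amazonaws.com",
   "eventName": "GetCallerIdentity", "awsRegion": "us-east-1",
   "sourceIPAddress": "198.51.100.23", "userAgent": "Boto3/1.34.0",
   "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
                    "userName": "svc-build-decoy"}},
  {"eventTime": "2024-03-05T10:22:10Z", "eventSource": "s3.amazonaws.com",
   "eventName": "ListBuckets", "awsRegion": "us-east-1",
   "sourceIPAddress": "198.51.100.23", "userAgent": "Boto3/1.34.0",
   "errorCode": "AccessDenied", "errorMessage": "Access Denied",
   "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
                    "userName": "svc-build-decoy"}}
]}"""


if __name__ == "__main__":
    for alert in alerts_from_cloudtrail_json(SAMPLE_CLOUDTRAIL):
        print(json.dumps(alert))
```

In practice the same check runs over CloudTrail delivered to S3 or CloudWatch Logs; the first decoy hit is usually sts:GetCallerIdentity, which an attacker uses to learn what the stolen key belongs to, so alerting on failed calls as well as successful ones matters.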

The IDEntitleX solution is the only offering that provides end-to-end visibility for identities and entitlements from an easy-to-use dashboard, integrating data from multiple sources and presenting findings clearly:
• Scales to discover all identities, resources, and entitlements
• Supports multiple clouds in a consistent fashion
• Tracks changes to entitlements over time
• Provides end-to-end visibility, analysis, and protection from endpoint to Active Directory to the cloud (other vendors are limited to visibility for only the cloud itself)
• Visualizes access and risk from multiple points of view: identities, entitlements, and resources alike
• Enables clear, straightforward actions to mitigate risk