Overview

The Attivo ThreatDefend® solution for insider threats uses deception techniques to dramatically increase the speed at which organizations uncover insider threat activity and policy violations. Each detection alert is substantiated with attack detail and forensic evidence to support administrative and legal actions. Additionally, the solution provides intrusion detection and counterintelligence capabilities through DecoyDocs, deceptive data loss tracking (DLT) documents that generate detection and geolocation alerts when stolen and opened either inside or outside of the company. Organizations can then take this intelligence and use it to understand attackers targeted, strengthen their overall security posture, and share with law enforcement if necessary.
Alerts are high-fidelity since they are all engagement-based and immediately actionable. Substantiated attack activities and in-depth forensic reporting deliver the information required to assess whether the actions are malicious, incidental, or accidental. It is often hard to detect, no less prove, malfeasance. The solution provides indisputable forensic evidence and confidence to take decisive corrective actions. Attivo customers have repeatedly detected suspicious activity and policy violations from insiders, contractors, and suppliers. They cite Attivo as the primary security control for detecting their insider threats. This is also a to use case for over 40% of Attivo customers.

Whether a threat is an external actor or insider, deception changes the asymmetry against the attacker by obfuscating the attack surface, slowing their progression with high-interaction deception that engages and misdirects them. Security teams can elevate their game with visibility and insight into suspicious employee activities, policy violations, and device changes in the network. Additional functionality like the Informer attack activity tracker and DecoyDocs beaconing provide adversary intelligence to substantiate findings for administrative and legal action. This is particularly useful for organizations that are concerned about data or IP theft or device tampering from insiders, third-party providers, or partners with access.