Attivo Networks ThreatDefend Platform for Insider Threats

Additional Info

Company size (employees): 100 to 499
Type of solution: Hybrid


The Attivo ThreatDefend® solution for insider threats uses deception techniques to dramatically increase the speed at which organizations uncover insider threat activity and policy violations. Each detection alert is substantiated with attack detail and forensic evidence to support administrative and legal actions. Additionally, the solution provides intrusion detection and counterintelligence capabilities through DecoyDocs, deceptive data loss tracking (DLT) documents that generate detection and geolocation alerts when stolen and opened either inside or outside of the company. Organizations can then take this intelligence and use it to understand what attackers targeted, strengthen their overall security posture, and share it with law enforcement if necessary.
Alerts are high-fidelity since they are all engagement-based and immediately actionable. Substantiated attack activities and in-depth forensic reporting deliver the information required to assess whether the actions are malicious, incidental, or accidental. It is often hard to detect, much less prove, malfeasance. The solution provides indisputable forensic evidence and confidence to take decisive corrective actions. Attivo customers have repeatedly detected suspicious activity and policy violations from insiders, contractors, and suppliers. They cite Attivo as the primary security control for detecting their insider threats. This is also a top use case for over 40% of Attivo customers.

Whether a threat is an external actor or an insider, deception changes the asymmetry against the attacker by obfuscating the attack surface and slowing their progression with high-interaction deception that engages and misdirects them. Security teams can elevate their game with visibility and insight into suspicious employee activities, policy violations, and device changes in the network. Additional functionality like the Informer attack activity tracker and DecoyDocs beaconing provides adversary intelligence to substantiate findings for administrative and legal action. This is particularly useful for organizations that are concerned about data or IP theft or device tampering from insiders, third-party providers, or partners with access.

How we are different

- Unlike other detection solutions, deception technology is useful against suspicious insider, contractor, and supplier activities because it obfuscates the attack surface even to legitimate users and quickly alerts on any policy violations.
- The ThreatDefend platform tracks all attacker behavior and provides organizations with the substantiated evidence needed to take decisive action when discovering an insider threat.
- Deception serves as a force multiplier to an organization’s existing security solutions while reducing the information security team’s workload, giving them visibility into unseen insider and external threats, lateral movement, and “low and slow” attack techniques that evade existing defenses.