Attivo ThreatDefend for ICS Systems

Promote this Nomination

Additional Info

Company (that provides the nominated product / solution / service)Attivo Networks
Company size (employees)100 to 499
Type of solutionHybrid

In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:

Attivo Networks deserves this recognition for its innovation to protect critical infrastructure and operational technology security. Recently ISG recognized the company as a leader in manufacturing industry services - OT security solutions for its ThreatDefend platform’s early and accurate detection of in-network threats. The platform’s ability to detect threats is not dependent on signatures, logs, or AV and does not need to load an agent on an endpoint device.
Instead, the platform uses traps, lures, and misdirections to detect threat reconnaissance and lateral movement. This function provides unparalleled visibility and early detection of attack activity that targets CI.
The ThreadDefend platform tricks or misleads attackers into engaging with decoys that collect company-specific intelligence on their activities to defend the environment better. These include IOCs and TTPs, which the platform can automatically share for automation with other prevention solutions.

Brief Overview

The ThreatDefend platform ICS solution creates a deception environment composed of network decoys, deception credentials, fake applications, and false data to detect attackers early in the attack cycle as they attempt to conduct reconnaissance, steal credentials, and move laterally in both IT and OT networks. The platform deploys with little operational or management effort. It provides a full fabric of deception that blankets the enterprise to detect in-network attackers, provides unparalleled visibility into suspicious or malicious activity, and collect intelligence to improve defenses.
The platform creates decoys that mirror production ICS/SCADA devices. These could be remote sensors, voltage regulators, fuel pumps, or SCADA clients and servers. These decoys deploy in the OT network to provide visibility and early detection of suspicious activity. Alerts do not trigger based on signatures or behavior but confirmed attacker engagement with a decoy, from something as simple as a network scan to full interaction. The platform also creates deceptive credentials that appear as authentic CI credentials but point to the decoy environment to protect against attackers that steal them to move laterally. The comprehensive deception fabric uniquely protects CI from attackers who have bypassed perimeter defenses and alerts on their presences.