ThreatMatrix Deception and Response Platform for Cloud Environments

Additional Info

Company: Attivo Networks
Company size (employees): 99
Type of solution: Software


The Attivo ThreatMatrix Deception and Response Platform changes the game for cloud security with early and accurate detection of attackers that have evaded prevention systems. This early detection system provides real-time detection of attacker reconnaissance and lateral movement, considerably reducing dwell time and disrupting an attacker's ability to complete their mission. Time to respond is also dramatically reduced, since the ThreatMatrix BOTsink correlation engine analyzes attacks, provides forensic reporting, and allows automated response actions that block and quarantine attacks, negating an attacker's ability to complete ransomware, stolen-credential, or other advanced malware attacks. The ThreatMatrix platform is designed to install, operate, and scale seamlessly in cloud environments and supports AWS, Azure, VMware, and OpenStack SDDCs. A unique benefit of the Attivo solution is its ThreatDirect component, which acts as a VM forwarder and eliminates the need for local devices, providing significant cost savings and deployment flexibility. Since the solution is not inline, cloud installation is frictionless and highly scalable, and it does not require process changes or network redesign; an organization can be up and running in under an hour. Additionally, because detection is engagement-based, every alert is substantiated and comes with full attack TTP detail, information on infected IPs, and signatures for blocking. Attack information is easily viewed in a centralized threat intelligence dashboard, and full forensic reporting is provided to simplify incident tracking and management. The efficiency of the solution and the organized delivery of attack information negate the need for additional skilled resources to operate ThreatMatrix. Additionally, third-party integrations accelerate incident response with automated blocking and quarantine of attacks.

How we are different

The ThreatMatrix platform is a truly unique offering that provides accurate, scalable, and efficient post-infection detection of attackers within AWS, Azure, VMware, and OpenStack cloud environments. ThreatDirect provides additional scalability and cost savings.

The solution provides accurate detection of threats and their lateral movement and scales for cloud environments. Alerts are based on engagement, so the security team won't be chasing false positives and endless logs. The solution also uses dynamic deceptions that self-learn and match the environment, and it respins the deceptions after an attack to avoid attacker fingerprinting.

Third-party integrations with major prevention, endpoint, and SIEM devices automate incident response with automated blocking and quarantine, saving security teams time and energy in quarantine and remediation.