DECEPTION TECHNOLOGY TO OUTMANEUVER AND REVEAL IN‑NETWORK THREATS
Deception changes the asymmetry against attackers by using attractive traps and lures designed to deceive and detect them.
Attivo deception delivers immediate value through “eyes inside the network” visibility and accurate detection alerts based on decoy engagement or attempts to use deception credentials, most notably early in the attack cycle.
Deception is not just a fancy honeypot. Honeypots were first introduced in the 1980s and served a useful function for understanding who was attacking an organization from outside the network. Commercial deception technology has come a very long way since then and now serves as a high-fidelity in-network detection control. Honeypot limitations associated with scale and operations are now removed through the use of virtualization and machine-learning automation for managing the creation, deployment, and operations of the deception environment. The Attivo Networks ThreatDefend platform takes deception even further, into the area of active defense, which incorporates automated attack analysis, forensics, and native integrations for accelerated incident response.
ATTIVO SOLUTIONS FOR
Extend threat deception to the cloud for early detection of lateral movement, credential theft, and unauthorized access.
Extend the ThreatDefend™ detection and response platform into any cloud service. The platform scales easily, so organizations can quickly detect lateral movement and reconnaissance, misdirect attacks, and gain engagement-based alerts on threats inside any cloud infrastructure or serverless environment. Because it is designed for the dynamic nature of cloud environments and shared security models, organizations can now add a proactive defense across traditional data centers and within popular public cloud platforms such as Amazon Web Services (AWS), Microsoft Azure, Oracle Cloud, and Google Cloud Platform (GCP).
Defend any cloud environment, whether public, private, or hybrid. Gain visibility and detection for attacks that target cloud infrastructure.
Extending the breadth and depth of deception for unconventional attack surfaces.
The ThreatDefend™ deception portfolio provides deception for servers, clouds, user networks, and specialized environments such as IoT, Medical IoT, SCADA, and POS. Coverage also extends to network infrastructure such as routers and switches, telecommunications devices, and specialized applications and services such as SWIFT, Big Data, print, and retail web portals.
Defend all attack surfaces on the network, from network and specialized devices to special-use services and applications.
Actionable alerts, forensics, and automation to accelerate incident response.
The Attivo Networks Deception and Response Platform provides substantiated, actionable alerts. Its decoys record all attacker interactions to capture the forensic evidence analysts need to conduct and report on their investigations. With the Informer solution, the built-in analysis engine automatically correlates attack data, enriches the information with native threat intelligence feeds, and delivers an accurate chronological session view of all attacker activity. The system automates incident response with integrations that provide automatic threat intelligence sharing, blocking, and threat hunting. The ThreatOps module can be activated to provide repeatable playbooks, giving consistent and rapid responses to deception-based detections. Together, these functions simplify the incident response process and increase its efficiency.
Accelerated incident response for faster investigation resolution.