DECEPTION TECHNOLOGY TO OUTMANEUVER AND REVEAL IN‑NETWORK THREATS

Deception shifts the asymmetry against attackers by placing attractive traps and lures designed to mislead them and reveal their presence.

Attivo deception provides immediate value by giving “eyes inside the network”: visibility and accurate detection alerting based on decoy engagement or attempts to use deception credentials, most notably early in the attack cycle.

Deception is not just a fancy honeypot. Honeypots were first introduced in the 1980s and served a useful function for understanding who was attacking an organization from outside the network. Commercial deception technology has since evolved far beyond that and now serves as a high-fidelity in-network detection control. The honeypot limitations around scale and operations are removed through virtualization and machine-learning automation that manages the creation, deployment, and operation of the deception environment. The Attivo Networks ThreatDefend platform takes deception further, into active defense, incorporating automated attack analysis, forensics, and native integrations for accelerated incident response.

ATTIVO SOLUTIONS FOR

Extend threat deception to the cloud for early detection of lateral movement, credential theft, and unauthorized access.

Extend the ThreatDefend™ detection and response platform into any cloud service. Because it scales easily, organizations can quickly detect lateral movement and reconnaissance, misdirect attacks, and receive engagement-based alerts on threats inside any cloud infrastructure or serverless environment. Designed for the dynamic nature of cloud environments and shared security models, it lets organizations add a proactive defense across traditional data centers and within popular public cloud platforms such as Amazon Web Services (AWS), Microsoft Azure, Oracle Cloud, and Google Cloud Platform (GCP).

Defend any cloud environment, whether public, private, or hybrid. Gain visibility and detection for attacks that target cloud infrastructure.

Lateral Movement Detection

  • Project native cloud decoys, decoy containers, and S3 buckets in AWS
  • Efficient detection of reconnaissance and lateral movement
  • Effective against known and unknown attacks

Credential Theft Detection

  • Deploy deceptive credentials in production Lambda functions and AWS S3 buckets to defend serverless applications
  • AWS access tokens and SSH keys
  • Deceptive websites and Docker apps

Scalability

  • Defend AWS, Azure, Google Cloud, OpenStack, or Oracle Cloud
  • Easily deployed with full functionality via CloudFormation templates
  • Centralized threat management

Easy to Deploy & Operate

  • Virtual and VM forward technology make deployment easy
  • Machine learning automates deception preparation, deployment, and operations
  • Threat intelligence can be automatically shared with SOC tools
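The detection side of planted credentials, as an added example that is not Attivo Networks code: a decoy AWS access key placed in a Lambda environment variable or an S3 object has no legitimate user, so any CloudTrail record authenticated with it, successful or denied, is a high-confidence credential-theft alert. The registry of decoy key IDs, the planting locations, and the CloudTrail-style records are all constructed; the field names (userIdentity.accessKeyId, eventName, sourceIPAddress, eventTime, errorCode) follow the CloudTrail record layout.

```python
"""Detect use of planted (decoy) AWS access keys in CloudTrail-style events.

Added example, not Attivo Networks code. Assumes the defender keeps a registry
of decoy access key IDs that were planted where an attacker would find them
and that no legitimate workload ever uses them. All key IDs, planting
locations and log records below are constructed sample data.
"""
import json
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Constructed decoy registry: key ID -> where it was planted. Not real keys.
DECOY_ACCESS_KEYS: Dict[str, str] = {
    "AKIAEXAMPLEDECOY0001": "env var in Lambda function order-processor",
    "AKIAEXAMPLEDECOY0002": "object s3://example-backups/legacy/config.ini",
}


@dataclass(frozen=True)
class DecoyKeyAlert:
    access_key_id: str
    planted_in: str
    event_name: str
    source_ip: str
    event_time: str
    error_code: Optional[str]  # None when the API call succeeded


def detect_decoy_key_use(events: Iterable[dict],
                         decoy_keys: Dict[str, str] = DECOY_ACCESS_KEYS
                         ) -> List[DecoyKeyAlert]:
    """Return one alert per event authenticated with a registered decoy key.

    A denied call (errorCode present) still counts: the attacker had to hold
    the stolen key to attempt it, which is the signal we care about.
    """
    alerts: List[DecoyKeyAlert] = []
    for ev in events:
        key_id = ev.get("userIdentity", {}).get("accessKeyId")
        if key_id not in decoy_keys:
            continue
        alerts.append(DecoyKeyAlert(
            access_key_id=key_id,
            planted_in=decoy_keys[key_id],
            event_name=ev.get("eventName", "unknown"),
            source_ip=ev.get("sourceIPAddress", "unknown"),
            event_time=ev.get("eventTime", "unknown"),
            error_code=ev.get("errorCode"),
        ))
    return alerts


def parse_cloudtrail_lines(lines: Iterable[str]) -> List[dict]:
    """Parse newline-delimited JSON records, skipping blank or corrupt lines."""
    records: List[dict] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a truncated line must not stop detection of the rest
    return records


# Constructed sample log: two legitimate calls, two uses of decoy keys.
SAMPLE_LOG = """
{"eventTime":"2024-05-01T10:00:01Z","eventName":"GetObject","sourceIPAddress":"10.0.4.12","userIdentity":{"accessKeyId":"AKIAEXAMPLEPRODUCT01"}}
{"eventTime":"2024-05-01T10:02:17Z","eventName":"ListBuckets","sourceIPAddress":"198.51.100.77","userIdentity":{"accessKeyId":"AKIAEXAMPLEDECOY0001"},"errorCode":"AccessDenied"}
{"eventTime":"2024-05-01T10:02:45Z","eventName":"PutObject","sourceIPAddress":"10.0.4.12","userIdentity":{"accessKeyId":"AKIAEXAMPLEPRODUCT01"}}
{"eventTime":"2024-05-01T10:05:03Z","eventName":"GetObject","sourceIPAddress":"198.51.100.77","userIdentity":{"accessKeyId":"AKIAEXAMPLEDECOY0002"}}
"""


def run_on_sample() -> List[DecoyKeyAlert]:
    """Run the detector over the constructed sample log."""
    return detect_decoy_key_use(parse_cloudtrail_lines(SAMPLE_LOG.splitlines()))


if __name__ == "__main__":
    for alert in run_on_sample():
        outcome = alert.error_code or "succeeded"
        print(f"[DECOY KEY USED] {alert.event_time} {alert.source_ip} "
              f"{alert.event_name} ({outcome}) key={alert.access_key_id} "
              f"planted in: {alert.planted_in}")
```

The registry is the whole trick: because the planting location is recorded with each key, an alert names not only the source address and API call but also which decoy the attacker reached, which tells the responder where in the environment the theft happened. The same registry approach applies to decoy SSH keys, matching their fingerprints in sshd authentication logs instead of access key IDs in CloudTrail.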
Extending the breadth and depth of deception for unconventional attack surfaces.

The ThreatDefend deception portfolio provides deception for servers, clouds, user networks, and specialized environments such as IoT, Medical IoT, SCADA, and POS. Coverage also extends to network infrastructure such as routers and switches, telecommunications devices, and specialized applications and services such as SWIFT, Big Data, print, and retail web portals.

Defend all attack surfaces on the network, from network and specialized devices to special-use services and applications.

Device

  • Defend Cisco router, switch, and telephony devices
  • Defend IoT, Medical IoT, ICS/SCADA, and POS devices
  • Alert on attacks targeting OT and network infrastructure

Services

  • Defend services such as printer, web, and camera streaming
  • Identify unauthorized file transfer and remote access activity
  • Identify service-based points of entry attackers can compromise

Applications

  • Leverage capabilities for Big Data and database applications
  • Project decoy SWIFT servers or retail web application portals
  • Expand cloud deception with decoy Docker apps
Actionable alerts, forensics, and automation to accelerate incident response.

The Attivo Networks Deception and Response Platform provides substantiated, actionable alerts. Its decoys record all attacker interactions to capture the forensic evidence analysts need to conduct and report on their investigations. With the Informer solution, the built-in analysis engine automatically correlates attack data, enriches it with native threat intelligence feeds, and delivers an accurate chronological session view of all attacker activity. The system automates incident response through integrations that provide automatic threat intelligence sharing, blocking, and threat hunting. The ThreatOps module can be activated to provide repeatable playbooks, giving consistent and rapid responses to a deception-based detection. Together these functions simplify the incident response process and make it more efficient.
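What "correlates attack data and delivers a chronological session view" amounts to in practice, as an added example that is not Attivo Networks code: decoy interaction records are grouped by source address, ordered by time, enriched from a threat-intelligence list, and flagged when one source has touched more than one decoy (the lateral-movement pattern the page describes). The record fields, decoy names, addresses and the intelligence entry are all constructed.

```python
"""Correlate decoy-engagement records into a per-source chronological session.

Added example, not Attivo Networks code. Assumes each decoy emits one record
per attacker interaction (timestamp, source address, decoy name and type,
action) and that a small local threat-intelligence list is available for
enrichment. All records, decoy names and intelligence entries are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List

# Constructed enrichment source: indicator -> label. Stand-in for a real feed.
THREAT_INTEL: Dict[str, str] = {
    "203.0.113.9": "address seen scanning decoys in a prior incident",
}


@dataclass
class Session:
    source: str
    first_seen: datetime
    last_seen: datetime
    timeline: List[str] = field(default_factory=list)  # ordered "ts decoy action"
    decoys: List[str] = field(default_factory=list)    # distinct decoys, first-touch order
    intel: str = ""                                    # enrichment label, if any
    lateral_movement: bool = False                     # touched two or more decoys


def _parse_ts(ts: str) -> datetime:
    """Parse an ISO 8601 UTC timestamp; 'Z' is rewritten for older Pythons."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def build_sessions(events: List[dict],
                   intel: Dict[str, str] = THREAT_INTEL) -> Dict[str, Session]:
    """Group records by source, sort each group by time, enrich and flag."""
    by_source: Dict[str, List[dict]] = defaultdict(list)
    for ev in events:
        by_source[ev["src"]].append(ev)

    sessions: Dict[str, Session] = {}
    for src, evs in by_source.items():
        evs.sort(key=lambda e: _parse_ts(e["ts"]))  # decoys may report out of order
        session = Session(
            source=src,
            first_seen=_parse_ts(evs[0]["ts"]),
            last_seen=_parse_ts(evs[-1]["ts"]),
            intel=intel.get(src, ""),
        )
        for ev in evs:
            session.timeline.append(
                f"{ev['ts']} {ev['decoy']} ({ev['decoy_type']}) {ev['action']}")
            if ev["decoy"] not in session.decoys:
                session.decoys.append(ev["decoy"])
        session.lateral_movement = len(session.decoys) >= 2
        sessions[src] = session
    return sessions


# Constructed sample records, deliberately not in time order.
SAMPLE_EVENTS: List[dict] = [
    {"ts": "2024-05-01T11:04:10Z", "src": "203.0.113.9", "decoy": "fs-decoy-01",
     "decoy_type": "file server", "action": "SMB authentication attempt"},
    {"ts": "2024-05-01T11:01:52Z", "src": "203.0.113.9", "decoy": "fs-decoy-01",
     "decoy_type": "file server", "action": "port scan 445/tcp"},
    {"ts": "2024-05-01T11:02:30Z", "src": "10.0.9.30", "decoy": "print-decoy-02",
     "decoy_type": "printer", "action": "HTTP GET /"},
    {"ts": "2024-05-01T11:07:41Z", "src": "203.0.113.9", "decoy": "db-decoy-03",
     "decoy_type": "database", "action": "MySQL login with decoy credential"},
]


def run_on_sample() -> Dict[str, Session]:
    """Build sessions from the constructed sample records."""
    return build_sessions(SAMPLE_EVENTS)


if __name__ == "__main__":
    for s in run_on_sample().values():
        flag = "LATERAL MOVEMENT" if s.lateral_movement else "single decoy"
        print(f"{s.source}: {flag}; intel: {s.intel or 'none'}")
        for line in s.timeline:
            print("   ", line)
```

A single touch on one decoy (the printer probe from 10.0.9.30 above) is still worth an alert, but the session view is what lets a responder distinguish it from a source that is working its way from a file server decoy to a database decoy; that ordering, not the individual records, is the evidence an investigation report is built from.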

Accelerated incident response for faster investigation resolution.

Substantiated Alerts

  • Based on attacker engagement
  • Immediately actionable
  • Responders can act with high confidence

Automated Analysis

  • Attack information correlation
  • Threat intelligence enrichment
  • Identify polymorphic or time-triggered activity

Advanced Forensics

  • Capture all network, disk, and memory activity
  • Exportable and shareable
  • Ready access to evidence for investigations

Informer Dashboard

  • Consolidated adversary intelligence
  • Faster forensic investigation
  • Visibility to create a predictive defense

Automated Playbooks

  • Consistent, repeatable response process
  • Simplifies IR operations
  • Increases efficiency in the CSIRT

Native Integrations

  • Threat intelligence sharing
  • SIEM and EDR for hunting
  • Blocking and isolation with firewalls, NAC, and EDR

Prevent Recurrence

  • Empower threat hunting
  • Validate that the threat was eradicated
  • Set traps in the event an attacker returns