Attivo ThreatDefend Competes in the 2017 ‘ASTORS’ Awards (Multi-Video)

Attivo Networks, Recognized as the Leader in Deception-Based Threat Detection
Attivo Networks changes the game on the modern-day human attacker. Deception technology provides a threat defense of traps and lures designed to deceive attackers into revealing themselves. Engagement-based attack analysis, forensics, and 3rd party integrations accelerate incident response.

Attivo Networks is an award-winning provider of deception for in-network threat detection, attack forensic analysis, and continuous threat response.

Stop attackers in their tracks with the real-time detection of threats that have bypassed prevention security systems.

The Attivo Networks ThreatDefend Deception and Response Platform, which comprises Attivo BOTsink engagement servers, decoys, and deceptions, a Multi-Correlation Detection Engine (MCDE), the ThreatStrike end-point deception suite, and the Attivo Central Manager (ACM), changes the balance of power with sophisticated deception technology that deceives an attacker into revealing themselves.

Detailed attack analysis and forensics accelerate incident response and provide protection against future cyber attacks.

(Learn about deception technology and the Attivo Networks ThreatDefend Deception and Response Platform. Courtesy of Attivo Networks and YouTube)

Critical infrastructure protection currently follows the NIST Cyber Security Framework and Presidential Policy Directive PPD-21.

These outline the steps needed for analysis, assessment, indicators, warning, and response.

Attivo Networks assessed these frameworks and designed its ThreatDefend Deception and Response platform to empower organizations with continuous threat management as defined in these models.

Attivo ThreatDefend Analysis and Assessment

  • The Attivo solution provides attack path vulnerability assessment of the network based on exposed and orphaned credentials and other vulnerabilities that create on-ramps for an attacker.
  • Additionally, topographical maps of the network provide visibility to assets as they come on and off the network.
  • Maps can also show attack time-lapsed replay so that organizations can understand and analyze the lateral movement of an attack.

Attivo ThreatDefend Indicators and Warning

In this day and age, where we are heavily reliant on ICS, real-time situational awareness is critical.

  • An increasing number of proactive government practitioners and organizations are connecting sensor-based data and operational infrastructure to enable real-time intelligence.
  • These both come with their own sets of security risks.
  • ICS often operates on older, unpatchable systems where there is a lack of security standards and common passwords are often used, and the concept of a true “air gap” is fading rapidly in a connected world.

Ultimately, attackers can and will bypass perimeter security and get inside the network.

The BOTsink deception servers are designed to provide early warning of attackers in the network by setting traps that appear as production assets.

  • These decoys run the same protocols as ICS and IOT devices for authenticity and are designed to deceive and misdirect attackers into engaging and revealing their presence.
Attivo BOTsink Deception Technology

Attivo ThreatDefend Response

  • As the attacker engages with the deception environment, the BOTsink multi-correlation engine analyzes the attack and creates the forensic reporting for the incident.
  • This attack information will then create evidence-based alerts and be viewable in a threat intelligence dashboard, in which double click actions can be taken through 3rd party integrations to block and quarantine attackers.
  • Companies and agencies can then create repeatable playbooks based on information that they would like shared with their firewalls, endpoint, NAC, and SIEM solutions, so that their security policies can automatically be applied.
Attivo Deception for Threat Detection

In ICS environments, where human lives and safety can be quickly at risk, it is not enough to simply think like an attacker and know how they get in.

One must think like a responder and have deep expertise in detecting and defending against these attackers.

Attivo engineers have applied their extensive expertise in intrusion detection and protection and have designed the ThreatDefend-BOTsink solution for optimal efficiency for ICS network threat detection and accelerated incident response.

With Attivo deception, the game has changed: attackers must now be right 100% of the time or be caught, and when they are caught, organizations are equipped to respond to them quickly and efficiently.

(Learn More about Deception Technology, from Carolyn Crandall, Chief Marketing Officer at Attivo Networks. Courtesy of Fox 5, Attivo Networks and YouTube)

Attivo ThreatDefend Comprehensive Deception and Decoy

Make the Entire Network a Trap to Confuse and Misdirect Attackers into Revealing Themselves

  • Decoys appear identical to production assets, luring attackers into revealing themselves.
  • Decoy configurations run real Linux, Mac, and Windows OS and are customizable to match the “golden image” of the production environment.
  • Deception lures (bait) redirect attackers trying to infect endpoints and servers/VMs to engagement servers for detection.
  • Bait includes deception credentials, ransomware bait, and other deception lures.
Attivo ThreatDefend™ Deception and Response Platform Continuous Threat Management

Attivo Networks ThreatDefend Platform Achieves Common Criteria EAL2+ Certification

Common Criteria is an internationally recognized standard which defines a framework for evaluating the security of IT products.

US government organizations, international government entities from 27 different countries, and many global Fortune 500 corporations require Common Criteria certification to aid in the evaluation of IT products for their infrastructures and often require contractors to uphold the standard as well.

The certification requires developer testing, vulnerability analysis, product lifecycle management process assessment, and independent testing based on detailed Target of Evaluation (TOE) specifications.

Tushar Kothari, CEO of Attivo Networks

“We are extremely pleased that the Attivo deception platform has received this critical certification because it provides validation to both corporate and government agency prospects that the solution has stood up against extremely stringent testing,” says Tushar Kothari, CEO of Attivo Networks.

“Attivo is the only company in this category to receive this certification, right when the need for detection technology is greater than ever and attackers continue to relentlessly demonstrate their ability to breach traditional security systems.”

Attivo ThreatDefend at a Glance

The ThreatDefend deception solution is designed for efficiency and frictionless deployment.

  • The solution is not in-line, so it doesn’t require process changes or network redesign to install.
    • Organizations can be up and running deception in under an hour and can make their entire network a ubiquitous trap for cyber attackers.
  • Attivo deception is exceptionally comprehensive and authentic, running real operating systems and with full golden image customization to the production environment.
    • Dynamic deception techniques and sophisticated deception lures deceive an attacker into engaging regardless of whether the threat vector is a zero day, stolen credential, ransomware, MiTM or insider attack.
  • The platform seamlessly scales to support user networks, datacenters, cloud, ICS-SCADA, IOT environments and provides a centralized threat management console.
  • Detection is based on deception vs. database lookup or pattern matching, eliminating the need to cull through logs and deal with false-positive alerts.
    • Attivo alerts are engagement-based and substantiated with attack details, which simplify incident response and negate the need for additional resources to operate the solution and respond to an incident.
  • Attivo provides its own sandboxing technology that analyzes and provides forensic reporting of each attack.
    • Full TTP information, infected IP addresses, signatures and other attack detail required to isolate and block an attacker are immediately provided, dramatically accelerating incident response and automating response actions with firewalls, NACs, SIEMs per an organization’s preference.
    • Customers regularly cite the time savings of the ThreatDefend analysis engine, which automates the analysis and reporting of advanced malware and suspicious phishing emails.
  • ThreatPath™ attack prevention reporting provides continuous visibility into a company’s vulnerabilities and weak links by highlighting attack path risks based on misconfigurations or credentials on non-designated computers, by showing the infected endpoints, and automating trouble ticket requests for systems needing remediation.
  • Deception is a game changer in both its high efficacy and its efficiency to operate and, most impressively, comes at a cost that doesn’t break the bank.

Attivo Networks ThreatDefend in 2017 ‘ASTORS’ Homeland Security Awards Program

The 2017 ‘ASTORS’ Homeland Security Awards Program is organized to recognize the most distinguished vendors of Physical, IT, Port Security, Law Enforcement, First Responders (Fire, EMT, Military, Support Services Vets, SBA, Medical Tech), as well as the Federal, State, County and Municipal Government Agencies – to acknowledge their outstanding efforts to ‘Keep our Nation Secure, One City at a Time.’

As an ‘ASTORS’ competitor, Attivo ThreatDefend will be competing against the industry’s leading providers of Innovative IT Intrusion Detection & Prevention Solutions.

American Security Today will be holding the 2017 ‘ASTORS’ Awards Presentation Luncheon from 12:00 p.m. to 2:00 p.m. on Wednesday, November 15th at ISC East, the Northeast’s largest security industry event, in the Jacob Javits Exhibition Center in New York City.

At ISC East you will have the chance to meet with technical reps from over 225 leading brands in the security industry, allowing you to find out about new products and stay ahead of the competition.

Encompassing everything from Video Surveillance and Access Control to Smart Home Technologies and Unmanned Security, you’re sure to find products and services that will benefit your company and clients.


Good luck to Attivo ThreatDefend on becoming a Winner of the 2017 American Security Today’s Homeland Security Awards Program!

To learn more about ThreatDefend and Attivo Networks’ wide range of offerings, please visit the company’s website at