Attivo Networks® Deception Integrates with McAfee® Network Security Platform to Improve the Detection and Prevention of Intrusions
Attivo Certifies as an Intel Security Innovation Alliance Technology Partner
Fremont, CA., December 14, 2015— Attivo Networks®, an innovator in deception technology for cyber security defense, today announced that its deception-based Attivo BOTsink® solution is now available as an integrated solution with McAfee® Network Security Platform (NSP). The BOTsink solution will add insight into McAfee Network Security Platform providing additional and detailed forensic information on attacker methods and malicious domains. It also provides Snort signatures based on Botnet methods and behavior that can be used to block infected systems from exfiltrating valuable company data or other malicious activities. Attivo also announced that it has joined the Intel® Security Innovation Alliance™ partner program. Under the Innovation Alliance program, Attivo and Intel Security will work together to drive continuous improvement and integrations to simplify an organization’s ability to quickly detect, block, quarantine, and remediate against cyber threats.
The Attivo deception platform provides an additional line of cyber defense by detecting inside-the-network threats. Once an attacker is engaged, the events are fed into the Attivo multidimensional correlation engine to generate an attack sequence. As part of this process, the Attivo BOTsink will let the attack continue and talk to the Command and Control (C&C) server through its sinkhole so the attack sequence can be played out and an attacker’s methods understood. As the forensic data is collected, the information can be added to McAfee Network Security Platform so that the infection can be isolated and corrective actions taken. This process can be applied to gain an additional understanding of zero-day attacks, HTTPs, and the increasingly challenging issue of phishing.
Phishing has become a favorite method to exploit unsuspecting employees. Social networking had made it easy for attackers to send targeted mail to victims with high rates of engagement success. A benefit of the Intel Security and Attivo integration is the ability to redirect employee C&C communications to the BOTsink solution where access of URL’s in a phishing email or malware downloads can be simulated in a controlled sandbox environment. This will enable organizations to determine if the email is malicious and to gain a better understanding of the phisher’s intent.
“The Attivo technology brings complementary functionality to McAfee Network Security Platform by providing access to forensic evidence helpful in isolating and responding to a cyber-attack,” said D.J. Long, Head of the Intel Security Innovation Alliance. “With the Attivo BOTsink deception platform, our joint customers have access to additional forensic data and reporting that can help them determine an attacker’s objectives more quickly and to respond to the attack as needed.“
“Integrating with McAfee Network Security Platform was a logical extension to the Attivo BOTsink solution, “said Venu Vissamsetty, Vice President of Security Research at Attivo Networks. “The BOTsink multi-correlation engine is designed to analyze and create detailed forensics on cyber attacks. Driven by interest from joint customers, Attivo and Intel Security completed the integration enabling the BOTsink technology and McAfee NSP platform to work seamlessly together to better understand the attackers’ intent, provide forensics, send substantiated alerts, and respond to current attacks.”
About Attivo Networks
Attivo Networks® is the leader in dynamic deception technology, which in real-time detects intrusions inside the network, data center, and cloud before the data is breached. Leveraging high-interaction deception techniques, the Attivo BOTsink® Solution lures BOTs and APTs to reveal themselves, without generating false positives. Designed for efficiency, there are no dependencies on signatures, database lookup or heavy computation to detect and defend against cyber threats. Attivo solutions capture full forensics and provide the threat intelligence to shut down current and protect against future attacks. attivonetworks.sentinelone.com
Follow Attivo Networks: Twitter and Linked In
Attivo Networks and BOTsink are registered trademarks of Attivo Networks in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Intel the Intel logo, McAfee and the McAfee logo are trademarks of Intel Corporation in the U.S. and/or other countries.
No computer system can be absolutely secure.
415-963-4082 ext. 101
Free Active Directory Assessment
Get Visibility Into Privilege And Service Account Exposure
For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.
Try Our Endpoint Detection Net (EDN) for Free
FAST AND EASY
Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.
ADSecure 90-Day Free Trial
GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY
- Hide and deny access to AD objects
- Get alerted on unauthorized queries
- Attack details easily viewable in dashboard
- Your data remains on-premise