
Attivo Networks and Check Point Software Team Up to Improve Detection and Accelerate the Incident Response of Advanced Threats

ThreatMatrix and Check Point R80 integration automates the identification and blocking of attacks and data exfiltration

FREMONT, Calif., Jan 3, 2017 - Attivo Networks®, the award-winning leader in deception for cyber security threat detection, announced today that the company has integrated its ThreatMatrix™ Deception Platform with the Check Point R80 management platform. The integration combines prevention, advanced threat detection, and incident response capabilities into a collective defense solution capable of automatically identifying and blocking infected systems to prevent exfiltration of valuable company data and other malicious activities.

The ThreatMatrix Deception and Response Platform includes Attivo BOTsink® engagement servers and decoys, which play a critical role in deceiving and misdirecting attackers. Attivo Camouflage provides dynamic behavioral deception that makes the deception decoys indistinguishable from production assets by running real operating systems and services. The solution’s self-learning capabilities ensure that deceptions remain fresh and re-spin after an attack to avoid attacker identification and fingerprinting. The ThreatStrike™ End-point Suite provides deceptive lures, credentials and ransomware bait that are designed to misdirect attackers to the BOTsink engagement server. Once an attack is detected, the attack can be safely allowed to play out to capture detailed attack information and forensics. This attack information can then be viewed in the BOTsink threat intelligence dashboard, shared with other prevention and detection systems, and will generate a high fidelity alert notifying security teams of the cyber threat. Third party automation is also available to streamline and accelerate incident response actions.

Check Point R80 is a unified security management platform that enhances the ability to integrate security protocols, consolidate policy enforcements and automate firewall capabilities to protect against cyber-attacks. The platform provides a consolidated view for threat management across physical and virtual networks by aggregating logs, events, and alerts into a common user interface. This enhances the visibility of risks and enables automation of incident responses to block exfiltration of valuable enterprise data.

The integration of the Attivo ThreatMatrix Platform with Check Point R80 empowers customers with a high efficacy solution for detecting advanced threats, which are known for evading prevention systems, as well as for automated incident response actions. The Attivo solution is not reliant on known signatures or matched attack patterns and can detect all threats for all attack vectors. Attack intelligence gathered in the BOTsink engagement server raises an alert and forwards attack information to the R80 detailing the infected endpoint IP addresses, methods of lateral movement and attack signatures. Simultaneously, configured policies within Check Point R80 are enforced via API to quarantine the devices, block communications with the attacker's Command and Control (CNC), and prevent data exfiltration.

“Integration of the Attivo ThreatMatrix Deception Platform and the Check Point Management Server provides best in breed threat detection and incident response management for our joint customers,” said Tushar Kothari, CEO of Attivo Networks. “They can now benefit from Attivo real-time attack detection and Check Point Software Technologies consolidation of security functions to gain visibility and reduce their response time by automatically blocking attacks of high severity.”

“Working together with Attivo Networks extends the value for enterprise customers pursuing the highest level of security,” said Alon Kantor, vice president of business development, Check Point. “Dynamic and real-time deception technologies complement our multi-layered threat prevention capabilities against zero-day cyberattacks.”


Read the Attivo Networks and Check Point R80 Solution Brief

About Attivo Networks

Attivo Networks® is the leader in deception technology for real-time detection, analysis, and accelerated response to cyber-attacks. The Attivo ThreatMatrix™ Deception and Response Platform accurately detects advanced in-network threats and provides scalable continuous threat management for user networks, data centers, cloud, IoT, ICS-SCADA, and POS environments. Attivo Camouflage dynamic deception techniques and decoys efficiently lure and deceive attackers into revealing themselves while attack path and lateral movement tracking provide accurate visibility to advanced, credential, ransomware, and insider threats that have evaded prevention systems. The solution’s automated attack analysis and forensic reporting provides evidence-based alerts, and auto-blocking and quarantine of attacks for accelerated incident response. For more information, visit

Follow Attivo Networks: Twitter and LinkedIn.


Gary Thompson
Clarity Communications

Check Point Software Technologies and the Check Point Software Technologies logo are trademarks of Check Point Software Technologies Ltd. in the United States and jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.
