Attivo Networks Blogs

Attivo Networks Completes Integration with Palo Alto Networks Firewall to Empower Automatic Blocking of Data Exfiltration

FREMONT, Calif., July 18, 2016 – Attivo Networks®, the award-winning leader in deception for cyber security threat detection, announced today an integration combining the Attivo Networks Deception Platform with the Palo Alto Networks® Next-Generation Firewall. The integration brings together prevention, detection, and incident response capabilities into a solution that can automatically block infected nodes from gaining Internet access and exfiltrating valuable company data.

The Attivo Networks Deception Platform is designed to detect cyber attackers regardless of whether an attack is targeted; involves stolen credentials, man-in-the-middle attacks, or ransomware; or originates from an insider threat. Not reliant on signatures or known attack patterns, the Attivo solution uses deception technology to detect threats, like zero-day attacks, that are conducting reconnaissance or are moving laterally to escalate their attack inside the network. The Attivo BOTsink® deception decoys are set up to look identical to production assets by using real operating systems and services and can be customized with a customer’s production golden image. Attivo end-point deception lures are also planted to entice and misdirect the attacker to Attivo deception servers. By engaging with decoys and not with production devices, attackers are deceived into revealing themselves and can be quarantined and studied for detailed attack analysis.

The Palo Alto Networks Next-Generation Firewall identifies and controls applications flowing across physical and cloud-based networks, inspecting the content for known and unknown malware. As the cornerstone of Palo Alto Networks Next-Generation Security Platform, the next-generation firewall provides the visibility and enforcement needed to safely enable applications and deliver automated prevention against cyber-attacks.

The integration of Attivo BOTsink deception decoys and the Palo Alto Networks next-generation firewall provides customers with attack detection, analysis inside the network, and automated blocking. Intelligence is fed from BOTsink into the next-generation firewall to automatically block infected nodes and prevent cyber breaches. As BOTsink deception decoys identify infected nodes, their IP addresses are sent to the next-generation firewall for policy enforcement via API, effectively quarantining the device, stopping any communication with the Command and Control (CNC) and preventing any data exfiltration.

“Based on strong customer demand for a comprehensive defense, we have integrated the Attivo Deception Platform and the Palo Alto Networks Next-Generation Firewall to provide the best time-to-detection, and the best time-to-remediation for our joint customers,” said Tushar Kothari, CEO of Attivo Networks. “Customers using the integration can now benefit from the Palo Alto Networks prevention-first mindset and choose to automatically block alerts of high severity, which in many cases will mean the difference of a small incident vs large scale catastrophe.”

About Attivo Networks

Attivo Networks® is the leader in dynamic deception technology for the real-time detection, analysis and forensics of cyber-attacks. The Attivo Deception Platform provides inside-the-network threat detection for user networks, data centers, clouds, and ICS-SCADA environments. Not reliant on known signatures or attack patterns, Attivo uses high-interaction deception techniques based on Attivo BOTsink® engagement servers to lure attackers into revealing themselves. Combined with the Attivo End-Point Deception Suite, advanced luring technology is deployed to detect the use of stolen credentials, ransomware, and targeted attacks. Comprehensive attack analysis and forensics provide actionable alerts and can be set to automatically block and quarantine attacks for accelerated incident response. For more information visit

Follow Attivo Networks: Twitter and LinkedIn.


Gary Thompson
Clarity Communications


Palo Alto Networks and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.
