Attivo Networks and ForeScout Team Up to Provide Real-time Threat Detection and the Automated Quarantining and Blocking of Cyber Attacks - Attivo Networks
Attivo Networks Blogs

Attivo Networks and ForeScout Team Up to Provide Real-time Threat Detection and the Automated Quarantining and Blocking of Cyber Attacks

Accelerated Time-to-Detection and Time-to-Remediation Provide Comprehensive Cyber Security Defense

FREMONT, Calif., June 29, 2016— Attivo Networks®, the award-winning leader in deception for cyber security threat detection, today announced a partnership and technology integration with ForeScout Technologies, Inc., the pioneer in agentless cybersecurity. The combined solution will provide real-time detection of cyber-attacks and will automatically update the ForeScout® CounterACT® solution to instantly block and quarantine cyber threats. The integration is designed to dramatically reduce incident response time and provide customers the ability to help prevent the exfiltration of company data and the spread of infection to other devices.

The Attivo Deception Platform has two primary products which both integrate with ForeScout CounterACT. First, the BOTsink management platform, which is designed to provide inside-the-network threat detection, attack analysis and forensics. In addition, the Attivo End-Point Deception Suite provides the end-point deception lures used to deceive and misdirect attackers.

  • The integration with the BOTsink management platform includes the detection of all vectors of cyber-attack including reconnaissance, stolen credentials, phishing, ransomware and multi-stage exploit kits. Attack information gathered from engagement with an attacker is analyzed and automatically communicated to CounterACT for the automated blocking of data exfiltration and communications with Command and Control, and to quarantine the infected device from the network so that additional systems do not become infected.
  • Integration with the Attivo End-point Deception Suite and CounterACT provides an additional option to expedite and simplify the deployment of the Suite for large-scale end-point deployments. Integrations with Microsoft Active Directory and Casper are also available deployment options.

ForeScout CounterACT is a physical or virtual security solution that dynamically identifies and evaluates network endpoints the instant they connect to your network. Because CounterACT doesn’t require agents, it works with your endpoints—managed and unmanaged, known and unknown, PC and mobile, embedded and virtual. CounterACT can quickly determine information about the endpoint such as user, owner, operating system, device configuration, software, services, patch state and the presence of security agents. Next, it continuously monitors endpoints as they come and go from the network and works with third-party tools to initiate policy-based remediation actions. CounterACT works with leading network infrastructure, third-party security and IT management solutions.

“Cyber-attackers have had the historical benefit of being able to run under the radar, which has given them time to mount their attacks,” said Tushar Kothari, CEO of Attivo Networks. “Together with ForeScout Technologies, we remove this advantage by detecting the attacker’s presence in real time and stopping the attacker in their tracks by instantly quarantining them off the network. This is invaluable to protecting organizations from ransomware and other attacks designed to spread quickly through a network.”

“Endpoints are the typical entry point for attackers as they look for credentials to steal and launch their attack,” said Pedro Abreu, Chief Strategy Officer, ForeScout Technologies, Inc. “ForeScout CounterACT simplifies the large-scale deployment of the Attivo End-Point Deception Suite, which when in place, provides the lures to deceive an attacker into engaging. The circle of adaptive defense completes when the attacker then becomes detected by the BOTsink platform and gets automatically blocked and quarantined through CounterACT.”


Solution Brief

About Attivo Networks

Attivo Networks® is the leader in dynamic deception technology for the real-time detection, analysis and forensics of cyber-attacks. The Attivo Deception Platform provides inside-the-network threat detection for user networks, data centers, clouds, and ICS-SCADA environments. Not reliant on known signatures or attack patterns, Attivo uses high-interaction deception techniques based on Attivo BOTsink® engagement servers to lure attackers into revealing themselves. Combined with the Attivo End-Point Deception Suite, advanced luring technology is deployed to detect the use of stolen credentials, ransomware, and targeted attacks. Comprehensive attack analysis and forensics provide actionable alerts and can be set to automatically block and quarantine attacks for accelerated incident response. For more information visit

Follow Attivo Networks: Twitter and Linked In

About ForeScout Technologies, Inc.

ForeScout Technologies, Inc. is transforming security through visibility. ForeScout offers Global 2000 enterprises and government organizations the unique ability to see devices, including non-traditional devices, the instant they connect to the network. Equally important, ForeScout lets you control these devices and orchestrate information sharing and operation among disparate security tools to accelerate incident response. Unlike traditional security alternatives, ForeScout achieves this without requiring software agents or previous device knowledge. The company’s solutions integrate with leading network, security, mobility and IT management products to overcome security silos, automate workflows and enable significant cost savings. As of January 2016, more than 2,000 customers in over 60 countries improve their network security and compliance posture with ForeScout solutions. Learn more at

Gary Thompson
Clarity Communications

Share on:

Free Active Directory Assessment

Get Visibility Into Privilege And Service Account Exposure

For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.

Try Our Endpoint Detection Net (EDN) for Free


Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.

ADSecure 90-Day Free Trial


  • Hide and deny access to AD objects
  • Get alerted on unauthorized queries
  • Attack details easily viewable in dashboard
  • Your data remains on-premise


Ready to find out what’s lurking in your network?

Scroll to Top