Attivo Networks ThreatDefend™ Detection and Response Platform


Product: ThreatDefend™ Detection and Response Platform

What we liked: A well-polished platform; one of the more mature solutions we’ve seen in this space.

Security professionals are clearly recognizing the promise offered by this additional layer of detection, with many new industry segments adapting the deception model to their particular infrastructure landscapes. Attivo’s ThreatDefend approaches deception at the platform level with a comprehensive collection of dynamic traps and lures that attract intruders to imitation networks, offsite connections, IoT-related endpoints, cloud applications, and point-of-sale networks.

A new name to our roster, Attivo has operated within the space since 2015 and demonstrates exceptional vendor growth. Savvy attackers will expect to interact with specific surfaces and endpoints. This could mean IoT-connected medical devices within a healthcare system or logic controllers in a manufacturing setting. Therefore, it is crucial to the deception that these expectations are met, drawing intruders ever deeper into the deceptive net.

The ThreatDefend platform sits on a trunk port and scales to 100 VLANs per box with an unlimited number of IPs that can be assigned dynamically. We are especially keen on the superbly thought-out Shuffle button, a practical utility that changes host names, MAC addresses, and IP addresses and adjusts the number of endpoint decoys with the click of a button. There’s no need to build everything from scratch or manually change decoys. The same ease of use applies when adding new components to your existing system. ThreatDefend can set alerts for any new real VLANs and endpoints so that analysts can coordinate and build new parameters into the deception strategy.
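To make the decoy-and-shuffle idea concrete, the following Python is an added illustration written for this review; it is not Attivo's code and does not reflect how ThreatDefend is implemented. It models a decoy inventory spread across VLAN subnets, a shuffle operation that re-rolls every decoy's host name, MAC and IP (and optionally the decoy count), and a detector that raises an alert for any flow whose destination is a decoy. The subnets, host-name prefixes and flow records are constructed sample values.

```python
"""Hypothetical model of a VLAN-spanning decoy inventory with a "shuffle" operation
and a detector that alerts on any flow touching a decoy.

Example code, not Attivo's implementation. Subnets, hostname prefixes and flow
records below are constructed for the demonstration.
"""
import ipaddress
import random
from dataclasses import dataclass

# Hostname prefixes chosen to resemble real assets (constructed values).
PREFIXES = ["fileserv", "hmi", "infusion-pump", "pos-term", "backup"]


@dataclass(frozen=True)
class Decoy:
    vlan: int
    hostname: str
    mac: str
    ip: str


def _random_mac(rng: random.Random) -> str:
    """Locally administered, unicast MAC (bit 1 of the first octet set, bit 0 clear)."""
    first = (rng.randrange(256) & 0b11111100) | 0b00000010
    octets = [first] + [rng.randrange(256) for _ in range(5)]
    return ":".join(f"{o:02x}" for o in octets)


class DeceptionNet:
    """Decoys placed on several VLANs; nothing legitimate should ever talk to them."""

    def __init__(self, vlan_subnets: dict, decoys_per_vlan: int, seed=None):
        self.rng = random.Random(seed)  # seeded only so the demo is reproducible
        self.vlan_subnets = {v: ipaddress.ip_network(s) for v, s in vlan_subnets.items()}
        self.decoys_per_vlan = decoys_per_vlan
        self.decoys: list = []
        self.shuffle()

    def shuffle(self, decoys_per_vlan=None) -> list:
        """Re-roll every decoy's hostname, MAC and IP (and optionally the count per VLAN)."""
        if decoys_per_vlan is not None:
            self.decoys_per_vlan = decoys_per_vlan
        new = []
        for vlan, net in self.vlan_subnets.items():
            for ip in self.rng.sample(list(net.hosts()), self.decoys_per_vlan):
                name = f"{self.rng.choice(PREFIXES)}-{self.rng.randrange(100, 1000)}"
                new.append(Decoy(vlan, name, _random_mac(self.rng), str(ip)))
        self.decoys = new
        return new

    def decoy_ips(self) -> set:
        return {d.ip for d in self.decoys}

    def detect(self, flows) -> list:
        """Every flow whose destination is a decoy is an alert: decoys have no
        legitimate clients, so these alerts are high-fidelity by construction."""
        by_ip = {d.ip: d for d in self.decoys}
        alerts = []
        for f in flows:
            d = by_ip.get(f["dst"])
            if d is not None:
                alerts.append({"src": f["src"], "decoy": d.hostname,
                               "vlan": d.vlan, "dport": f["dport"]})
        return alerts


if __name__ == "__main__":
    net = DeceptionNet({10: "10.10.10.0/24", 20: "10.10.20.0/24"},
                       decoys_per_vlan=3, seed=7)
    target = net.decoys[0]
    # Constructed flow records: one to a real host outside any decoy subnet,
    # one probing a decoy.
    flows = [
        {"src": "10.10.10.50", "dst": "10.10.99.7", "dport": 443},
        {"src": "10.10.10.50", "dst": target.ip, "dport": 445},
    ]
    for alert in net.detect(flows):
        print("ALERT", alert)
    net.shuffle(decoys_per_vlan=5)  # the "shuffle button": new identities, more decoys
    print(len(net.decoys), "decoys after shuffle")
```

The point of the model is the asymmetry it makes visible: because no production system has a reason to contact a decoy, a single matching flow is enough to alert, and shuffling identities keeps an intruder from learning and avoiding the decoy set over time.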

However capable the detection-oriented functions of the platform, we should not ignore the requirements of gathering forensic information. Based on engagement with an adversary, ThreatDefend safely collects attacker TTPs, IOCs, and counterintelligence for insight into attacker capabilities, goals, and the information they are seeking to exfiltrate. This analysis is done after detection, when ThreatDefend is poised to grab malicious URLs and analyze pertinent details about the intruder’s goals. Similar efforts involve extracting a payload and performing an initial analysis in order to capture the full attack’s TCP scheme.
