Attivo Networks Blogs

Scaling Attivo Solutions with Cisco Products

Scaling Attivo Solutions with Cisco Products

By: Marc Feghali Co-founder and VP of Product Management – Network, system, and data compromises occur at an unrelenting pace, and organizations across industries seek innovative solutions to protect themselves. Security professionals realize that they have detection gaps inside their networks and face mounting concerns about their ability to quickly detect and stop attackers before they cause too much damage. Attackers have proven they can evade security controls to compromise an internal system. Once inside, they will establish a foothold and move laterally throughout the network, bypassing existing security solutions until they complete their mission. Organizations need a new approach focusing on in-network threats to quickly detect and shut down these attacks without relying on typical detection methods such as matching known signatures or attack patterns. This new approach hides and restricts access to sensitive or critical data while creating a fabric of endpoint and network decoys that engage with attackers, generate alerts, and record their activities.

The Attivo Networks ThreatDefend® platform provides a customer-proven innovative defense against identity compromise, privilege escalation, and lateral movement attacks. The platform’s visibility programs deliver insight into credential and attack path vulnerabilities and Active Directory domain, user, and device-level exposures for organizations seeking increased security based on least privilege access. The ThreatDefend platform’s concealment technology derails attackers as they can no longer find or access the data, files, AD objects, and credentials they seek.

Additionally, the solution’s decoys obfuscate the attack surface, collect forensic data, automatically analyze attack data, and automate incident response through its 30+ native integrations. The platform provides the most comprehensive in-network detection solution, providing a detection fabric that scales to on-premises, cloud, remote worksites, and specialty environments such as IoT, SCADA, POS, SWIFT, and network infrastructure.

The ThreatDefend platform includes several modular components.

Pre-attack tools to reduce the attack surface:

  1. The ADAssessor solution provides unprecedented visibility to Active Directory (AD) risk with continuous insight into exposures, overprovisioning, and misconfiguration for domains, users, and devices. It also detects mass changes to AD objects in real-time, indicating an attack is underway and providing an early warning for organizations to derail activities that typically go undetected. The solution deploys to a single standard workstation that belongs to the AD forest and comes with a management console for analysis and management.
  2. The IDEntitleX solution provides visibility and reduces the attack surface for identities and entitlements in the cloud.  The solution provides customers with a unified view of identities and exposures across the organization to address provisioning management challenges while maintaining operational effectiveness. The solution includes multi-cloud support for AWS and Azure and provides detailed entitlement visibility for users, applications, virtual machines, containers, serverless functions, and other objects attackers target.
  3. The Endpoint Detection Net (EDN) Suite Threatpath solution identifies and remediates the available attack path to an attacker inside the network

Post-attack tools:

  1. The EDN Suite anticipates attacker methods to move laterally from infected endpoints and ambushes their moves with lures, bait, and misdirection to speed threat detection. EDN boosts existing endpoint security detection performance by showing exposed credential attack paths, credential misuse, and attempts to enumerate Active Directory (AD). Concealment technology hides and denies access to critical files, data, AD objects, and credentials. The solution prevents discovery, credential theft, privilege escalation, data collection, and lateral movement.
  2. The BOTsink® server provides a comprehensive deception-based defense for on-premises, cloud, remote, and OT environments. Decoy systems and documents that appear identical to production assets provide early and accurate in-network threat detection. Its high-interaction engagement environment safely collects adversary intelligence and automates analysis and incident response. Machine learning makes customizations, deployment, and operations scalable and straightforward. Over 30 native integrations automate isolation, blocking, and threat hunting.

The ThreatDefend platform can cover all networks of any size and topology. The platform can deploy the ThreatDirect deception forwarders to support remote worksites (remote offices, retail stores, warehouses, etc.) and segmented networks to enable that flexibility and reach. The ThreatDirect forwards come as dedicated virtual machines, endpoint modules, or containerized applications.

The Cisco Catalyst 9000 series switches can run the container version of the ThreatDirect application to provide coverage on a per-subnet basis. This feature scales the deception fabric to remote sites with the existing infrastructure already in place, ensuring consistent coverage across the entire enterprise. The ThreatDirect container can be managed and deployed on the Catalyst switches using Cisco DNA-C.

To learn more about how the Cisco and Attivo Networks combined solution enables enterprises to scale their security coverage leveraging their installed infrastructure and networking fabric, contact us at

Share on:

Free Active Directory Assessment

Get Visibility Into Privilege And Service Account Exposure

For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.

Try Our Endpoint Detection Net (EDN) for Free


Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.

ADSecure 90-Day Free Trial


  • Hide and deny access to AD objects
  • Get alerted on unauthorized queries
  • Attack details easily viewable in dashboard
  • Your data remains on-premise


Leave a Comment

Your email address will not be published.

17 + eighteen =

Ready to find out what’s lurking in your network?

Scroll to Top