Attivo Networks Blogs

Lessons Learned from Cisco Live

Scaling Attivo Solutions with Cisco Products

Written by: Joseph Salazar, Technical Marketing Engineer –Attivo Networks recently spent a week at the San Diego Convention Center for Cisco Live 2019. While not as crowded or crazy as San Diego ComicCon, Cisco Live certainly offered its share of well-attended sessions and events. Attivo had a presence in the Security Village surrounded by other Cisco partners who are all contributors to the security ecosystem. We had on opportunity to speak at the Security Theater and met with prospects, customers, partners, and potential integration partners to expand our capabilities and hear first-hand about the challenges they are encountering in the security space.

During the event, we announced our partnership with Digital Defense to introduce the industry’s first integrated risk and deception-based platform for IoT and ICS networks. It was an exciting week, featuring many fruitful chats with Cisco engineers to confirm our integration enhancements with Cisco’s offerings. Just as the theme of this year’s Cisco Live was “Bridge to Possibilities”, as the sole deception technology provider, our presence provided a bridge to the continuing possibilities with Cisco’s security solutions.

As announced at Cisco Live, our partnership with Digital Defense involves their Frontline.Cloud offering, a vulnerability management and threat assessment platform that identifies high-risk/critical assets with a business context that is highly vulnerable to exploits, remains unpatched, are un-patchable, or have already been infected in real-time. The integration with the Attivo Networks BOTsink® solution allows administrators to quickly and confidently make strategic decisions on where to dynamically deploy additional deception technology assets to enhance their deception deployment and further misdirect attackers. This gives organizations the advantage of the time to detect, analyze, and stop an attacker even as their risk posture and critical assets change. Digital Defenses leverages its dataset to call the BOTsink to deploy additional on-demand decoys where they are needed based on vulnerability data and threat profiles.

Our partnership with Cisco is particularly robust and was the impetus to participate at Cisco Live. Prior to the conference, we conducted a webinar with Brian Gonsalves, Senior Manager of Product Management and Business Development with Cisco, that covered how the partnership between Cisco Systems and Attivo Networks better defends the enterprise. This partnership involves several key integrations that enhance overall security, decreases the time to respond to a security incident, and allows for easy scaling of the deception environment to remote sites. The Attivo Networks ThreatDefend™ platform integrates with several Cisco security products to offer customers a collective defense solution that provides detection of real-time threats, gathering of attack analysis, manual or automated blocking of attacks, and quarantining of endpoints based on suspicious activity:

  • The ThreatDefend platform can add deception-based detections of internal attacker IP addresses to Cisco ASA firewalls to manually or automatically block Command and Control communications or data exfiltration.


  • Attivo Networks is a pxGrid Partner, and as such, the ThreatDefend platform can transmit threat information to Cisco ISE via pxGrid to offer manual or automated quarantining of endpoints based on a deception-based detection.


  • The Cisco Firepower Threat Defense (FTD) platform can also ingest this threat information from Cisco ISE via pxGrid, extending the deception-based detection value to the Cisco Next-Generation firewalls.


  • The ThreatDefend platform can project Cisco IOS decoys for routers, switches, and VOIP from the BOTsink server.


  • The ThreatDirect™ solution is a VM forwarder mechanism for scaling to remote or branch offices, micro-segmented networks, and cloud environments. Cisco ISR 4000 Series & ASR 1000 Series routers support the ThreatDirect solution within the built-in hypervisor.


  • The Catalyst 9000 Series Switches can run the ThreatDirect container application to provide coverage on a per-VLAN basis, deployed via Cisco DNA-C. Cisco had a running demo of this capability at their Cisco Live demonstration booth.

Participating at Cisco Live 2019 was an excellent opportunity to showcase how Cisco and Attivo better protect Cisco customer’s networks through our joint partnership.

For more information on our various integrations with Cisco, please see our Cisco Partner Brief.

Share on:

Free Active Directory Assessment

Get Visibility Into Privilege And Service Account Exposure

For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.

Try Our Endpoint Detection Net (EDN) for Free


Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.

Newsletter Signup

    Yes, please opt me in to receive your quarterly newsletter, event invitations, and product updates.

    I understand that I can opt out at any time, and can refer to Attivo Networks Privacy Policy for more information.
  • This field is for validation purposes and should be left unchanged.

ADSecure 90-Day Free Trial


  • Hide and deny access to AD objects
  • Get alerted on unauthorized queries
  • Attack details easily viewable in dashboard
  • Your data remains on-premise


Leave a Comment

Your email address will not be published.

seventeen − 6 =

Ready to find out what’s lurking in your network?

Scroll to Top