ThreatDefend® Detection & Response Platform
The Attivo ThreatDefend® Platform delivers unparalleled attack prevention, detection, and adversary intelligence collection based on cyber deception and data concealment technologies for an informed defense. The platform efficiently derails attacker discovery, lateral movement, privilege escalation, and collection activities early in the attack cycle across endpoints, Active Directory, and network devices on-premises, in clouds, and on specialized attack surfaces.
ThreatDefend® Platform
The ThreatDefend® platform provides comprehensive prevention and detection technology to deny, detect, and derail attackers across a wide variety of attack surfaces. The modular design provides the flexibility to add detection coverage for Active Directory, endpoints, the network, and the cloud.
Asset Defense
Network-based post-compromise detection and engagement to misdirect attackers and collect adversary intelligence.
Endpoint Defense
Endpoint protection suite to restrict discovery, lateral movement, and privilege escalation.
Identity Detection and Response
Identity attack surface management solutions for the enterprise.
Benefits of the ThreatDefend® Solution
Organizations choose Attivo Networks for:
- Prevent attackers from stealing credentials, escalating privileges, or finding the sensitive or critical data they seek.
- Reduce attacker dwell time with accurate post-compromise threat detection. Detect reconnaissance, lateral movement, and credential theft early.
- High-fidelity alerts accelerate incident response with rich threat intelligence and forensic reporting, reducing overall time to remediation.
- Engage attackers within a safe, sandboxed environment to gain threat intelligence and forensic reporting. Learn which systems are infected and detect polymorphic activity.
- Expedite and simplify incident response with 3rd party integrations that share threat intelligence and automate blocking, quarantining, and threat hunting.
DECEPTION AND DERAILMENT IN THE SECURITY STACK
Detect in-network attackers that have evaded existing controls.
DETECT ANY TYPE OF ATTACK ACROSS ANY TYPE OF NETWORK
DISCOVERY
Detect scans, queries, access attempts, and engagement
CREDENTIAL THEFT
Catch credential harvesting & reuse
LATERAL MOVEMENT
Detect and redirect lateral movement attempts
DATA COLLECTION
Conceal sensitive data and deny attackers access to it
ACTIVE DIRECTORY
Conceal and deny access to privileged AD accounts and objects
ThreatDefend® Features
ThreatDefend® is a comprehensive, scalable detection platform designed for the early detection of external threat actors and insiders (employees, suppliers, contractors) and for accelerating incident response.
Attack Surface Scalability
Deploys on-premises, in the cloud, and at remote sites to protect user networks, data centers, cloud environments, and specialty networks.
Attack Path Vulnerability Assessment
Understand attack path vulnerabilities based on exposed credentials and misconfigurations.
Protect Credentials
Hide and restrict access to sensitive or privileged credentials at the endpoint and on Active Directory
IN-NETWORK THREAT DETECTION
Early endpoint, network, application, data, and Active Directory post-compromise attack detection
SUBSTANTIATED ALERTS & FORENSICS
Actionable alerts from attacker engagement with any detection asset, with full forensic collection for evidence-backed response
ATTACK ANALYSIS
Automated attack and malware analysis and correlation improves remediation times
ACCELERATED INCIDENT RESPONSE
Extensive 3rd party integrations and repeatable playbooks accelerate incident response to block, isolate, threat hunt, and share data
THREAT INTELLIGENCE
Graphical maps for network visualization and time-lapsed attack replay. Endpoint visibility into attack activity source processes
EASY DEPLOYMENT & OPERATIONS
Flexible deployment options, machine learning, and enterprise-wide central management
DECEPTION AND CONCEALMENT
Create deceptive assets at the network, in endpoints, and on Active Directory that detect attack activity and misdirect attackers. Conceal and deny access to sensitive data to prevent exploitation. Redirect attackers to decoys for engagement.
- Hide local and AD privileged accounts and objects
- Hide local files, folders, mapped network and cloud shares, and removable storage
- Remediate stored credentials and misconfigurations to reduce the attack surface
- Detect AD queries and attempts to access hidden data
- Detect credential theft, reconnaissance, and lateral movement attempts
- Provide endpoint and engagement-based forensics and visibility
- Divert connection attempts to decoys for engagement
- Breadcrumb attackers to the deception environment with fake credentials and AD data
- Occupy attackers in the engagement environment to gather adversary intelligence
Detections Across Attack Phases
Reduce attacker dwell time through the early detection of threats and their movement.
Initial Compromise
Establish Foothold
DECEPTION DETECTS:
- Custom malware
- C2
- App exploitation
Escalate Privileges
DECEPTION DETECTS:
- Credential theft
- Password cracking
- “Pass-the-hash”
Internal Recon
DECEPTION DETECTS:
- Critical system recon
- System, AD & user enumeration
Move Laterally
DECEPTION DETECTS:
- Net use commands
- Reverse shell access
Maintain Presence
DECEPTION DETECTS:
- Backdoor variants
- VPN subversion
- Sleeper malware
Complete Mission
Simple Deployment and Operations
Whether your organization is big or small, creating and maintaining the Attivo Networks Threat Platform is as easy as 1, 2, 3.
Easy to Customize
Automatically proposes campaigns based on environmental self-learning
Easy to Deploy
Out-of-band deployments scale with existing production infrastructure
Easy to Operate
Centralized management, actionable alerts, automation, and native integrations empower fast responses