ThreatDefend® Platform for Threat Prevention & Detection

ThreatDefend® Detection & Response Platform

The Attivo ThreatDefend® Platform delivers unparalleled attack prevention, detection, and adversary intelligence collection based on cyber deception and data concealment technologies for an informed defense. The platform efficiently derails attacker discovery, lateral movement, privilege escalation, and collection activities early in the attack cycle across endpoints, Active Directory, and network devices on-premises, in clouds, and on specialized attack surfaces.

ThreatDefend® Platform Overview in 65 Seconds

ThreatDefend® Platform

The ThreatDefend® platform provides comprehensive prevention and detection technology to deny, detect, and derail attackers across a wide variety of attack surfaces. The modular design provides flexibility to add detection coverage for Active Directory, endpoint, network, and cloud.

BOTsink Asset Defense

Asset Defense

Network-based post-compromise detection and engagement to misdirect attackers and collect adversary intelligence.

EDN Endpoint Defense

Endpoint Defense

Endpoint protection suite to restrict discovery, lateral movement, and privilege escalation.

ADSecure Active Directory Protection

Identity Detection and Response

Identity attack surface management solutions for the enterprise.

AWARDS FOR THE BEST THREAT DETECTION AND RESPONSE TECHNOLOGY

Benefits of the ThreatDefend® Solution

Organizations choose Attivo Networks for:

Controlled Access Management

  • Prevent attackers from stealing credentials, escalating privileges, or finding the sensitive or critical data they seek.

Reduce Attack Detection Time

  • Reduce attacker dwell time with accurate post-compromise threat detection. Detect reconnaissance, lateral movement, and credential theft early.

Actionable Alerts Improve Incident Response

  • High-fidelity alerts accelerate incident response with rich threat intelligence and forensic reporting, reducing overall time to remediation.

Identify & Understand Attacker Methods & Intent

  • Engage attackers within a safe sandboxed environment to gain threat intelligence and for forensic reporting. Learn which systems are infected and detect polymorphic activity.

Integrations Accelerate Incident Response

  • Expedite and simplify incident response with 3rd party integrations that share threat intelligence and automate blocking, quarantining, and threat hunting.

DECEPTION AND DERAILMENT IN THE SECURITY STACK

Detect in-network attackers that have evaded existing controls.

DETECT ANY TYPE OF ATTACK ACROSS ANY TYPE OF NETWORK

DISCOVERY

Detect scans, queries, access attempts, and engagement

CREDENTIAL THEFT

Catch credential harvesting & reuse

LATERAL MOVEMENT

Detect and redirect lateral movement attempts

DATA COLLECTION

Conceal and deny access to sensitive data from attacks

ACTIVE DIRECTORY

Conceal and deny access to privileged AD accounts and objects

ThreatDefend® Features

ThreatDefend® is a comprehensive, scalable detection platform designed for the early detection of external threat actors and insiders (employees, suppliers, contractors) and for accelerating incident response.

Attack Surface Scalability

Deploys on-premises, in the cloud, and at remote sites to protect user networks, data centers, cloud environments, and specialty networks.

Attack Path Vulnerability Assessment

Understand attack path vulnerabilities based on exposed credentials and misconfigurations.

Protect Credentials

Hide and restrict access to sensitive or privileged credentials at the endpoint and on Active Directory

IN-NETWORK THREAT DETECTION

Early endpoint, network, application, data, and Active Directory post-compromise attack detection

SUBSTANTIATED ALERTS & FORENSICS

Actionable alerts from attacker engagement with any detection asset, with full forensic collection for evidence-backed response

ATTACK ANALYSIS

Automated attack and malware analysis and correlation improves remediation times

ACCELERATED INCIDENT RESPONSE

Extensive 3rd party integrations and repeatable playbooks accelerate incident response to block, isolate, threat hunt, and share data

THREAT INTELLIGENCE

Graphical maps for network visualization and time-lapsed attack replay. Endpoint visibility into attack activity source processes

EASY DEPLOYMENT & OPERATIONS

Flexible deployment options, machine learning, and enterprise-wide central management

DECEPTION AND CONCEALMENT

Create deceptive assets at the network, in endpoints, and on Active Directory that detect attack activity and misdirect attackers. Conceal and deny access to sensitive data to prevent exploitation. Redirect attackers to decoys for engagement.

Deny

  • Hide local and AD privileged accounts and objects
  • Hide local files, folders, mapped network and cloud shares, and removable storage
  • Remediate stored credentials and misconfigurations to reduce the attack surface
Deception and Concealment Detect

Reduce Attack Detection Time

  • Detect AD queries and attempts to access hidden data
  • Detect credential theft, reconnaissance, and lateral movement attempts
  • Provide endpoint and engagement-based forensics and visibility

Derail

  • Divert connection attempts to decoys for engagement
  • Breadcrumb attackers to the deception environment with fake credentials and AD data
  • Occupy attackers in engagement environment to gather adversary intelligence

Detections Across Attack Phases

Reduce attacker dwell time through the early detection of threats and their movement.

Initial Compromise

Establish Foothold

DECEPTION DETECTS:

  • Custom malware
  • C2
  • App exploitation

Escalate Privileges

DECEPTION DETECTS:

  • Credential theft
  • Password cracking
  • “Pass-the-hash”

Internal Recon

DECEPTION DETECTS:

  • Critical system recon
  • System, AD & user enumeration

MOVE LATERALLY

DECEPTION DETECTS:

  • Net use commands
  • Reverse shell access

MAINTAIN PRESENCE

DECEPTION DETECTS:

  • Backdoor variants
  • VPN subversion
  • Sleeper malware

Complete Mission

Simple Deployment and Operations.

Whether your organization is big or small, creating and maintaining the Attivo Networks Threat Platform is as easy as 1, 2, 3.

Easy to Customize

Automatically proposes campaigns based on environmental self-learning

Easy to Deploy

Out-of-band deployments scale with existing production infrastructure

Easy to Operate

Centralized management, actionable alerts, automation, and native integrations empower fast responses

Spotlight

SC Media ThreatDefend® Platform v5.0 Review

Resources

Understanding Deception Technology
Deception-Based Threat Detection eBook
Deception Technology Use Cases to Defeat Advanced Attackers
How to Build a Deception Program
Solution Brief
DECEPTION SOLUTION OVERVIEW
THREATDEFEND PLATFORM OVERVIEW VIDEO
AT-A-GLANCE – THREATDEFEND PLATFORM

Ready to find out what’s lurking in your network?
