Deception Technology for Incident Response and Threat Intelligence

Incident Response

Actionable alerts, forensics, and automation to accelerate incident response.

Overview

The Attivo Networks Deception and Response Platform provides substantiated, actionable alerts: each alert is raised by an attacker engaging a decoy. The decoys record all attacker interactions, capturing the forensic evidence analysts need to conduct and report on their investigations. With the Informer solution, the built-in analysis engine automatically correlates attack data, enriches it with native threat intelligence feeds, and delivers an accurate chronological session view of all attacker activity. The platform automates incident response through integrations that share threat intelligence, block attackers, and drive threat hunting. The ThreatOps module can be activated to provide repeatable playbooks, giving consistent and rapid responses to a deception-based detection. Together these functions simplify the incident response process and increase its efficiency.

Benefits

Accelerated incident response for faster investigation resolution.


Substantiated Alerts

  • Based on Attacker engagement
  • Immediately Actionable
  • Responders can act with high confidence

Automated Analysis

  • Attack information correlation
  • Threat intelligence enrichment
  • Identify polymorphic or time-triggered activity

Advanced Forensics

  • Capture all network, disk, and memory activity
  • Exportable and shareable
  • Ready access to evidence for investigations

Informer Dashboard

  • Consolidated adversary intelligence
  • Faster forensic investigation
  • Visibility to create a predictive defense

Automated Playbooks

  • Consistent, repeatable response process
  • Simplifies IR operations
  • Increases efficiency in CSIRT

Native Integrations

  • Threat intelligence sharing
  • SIEM and EDR for hunting
  • Blocking and isolation via firewalls, NAC, and EDR

Incident Response Capabilities


Attack Analysis


Threat Intelligence Development


Automated Response Actions


Malware Analysis


Native Integrations


Attack Time-Lapse Replay

Native integrations to Simplify, Accelerate and Automate Incident Response

Investigation, Analysis, and Hunting

Accelerate investigations, analysis, and threat hunting to quickly identify threats and compromised systems in the environment.

Contain / Network Blocking

Efficiently contain compromised systems before threats spread to other victims or exfiltrate data out of the network.

Contain / Endpoint Quarantine

Quickly isolate compromised systems from the rest of the network to respond to fast-moving threats or stop further attack activity.

Ticketing

Automatically generate service tickets to remediate compromised systems and increase workflow efficiency.
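The four integration steps above (hunt, block at the network, quarantine the endpoint, open a ticket) can be driven from a single playbook keyed on decoy engagement. The block below is an added illustration written for this page; it is not Attivo's code or its API. The event format, the authorized-scanner list, the planted-credential map, and the action records that stand in for firewall, NAC, EDR, SIEM, and ticketing connectors are all assumptions, and the decoy events are constructed. The practitioner's point it demonstrates is that a decoy has no legitimate users, so the only routine false positive to suppress is an authorized scanner that merely connects; anything that authenticates, reads data, or moves between decoys warrants automatic containment, and a planted (decoy) credential showing up on a decoy points back to the real endpoint it was seeded on.

```python
from collections import defaultdict
from datetime import datetime

# Constructed decoy-interaction events (not real telemetry). One is deliberately
# out of chronological order to show the session view being rebuilt.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T10:02:30", "src": "10.1.5.23", "decoy": "db-decoy-02",
     "proto": "mssql", "action": "auth", "user": "svc_backup"},
    {"ts": "2024-05-01T10:00:01", "src": "10.1.5.23", "decoy": "fs-decoy-01",
     "proto": "smb", "action": "connect"},
    {"ts": "2024-05-01T10:00:04", "src": "10.1.5.23", "decoy": "fs-decoy-01",
     "proto": "smb", "action": "auth", "user": "svc_backup"},
    {"ts": "2024-05-01T10:00:09", "src": "10.1.5.23", "decoy": "fs-decoy-01",
     "proto": "smb", "action": "read", "path": "\\\\finance\\payroll.xlsx"},
    {"ts": "2024-05-01T10:00:02", "src": "10.9.0.7", "decoy": "fs-decoy-01",
     "proto": "smb", "action": "connect"},
]

# Hypothetical: hosts allowed to touch decoys (an authorized vulnerability
# scanner). They may be seen connecting, never authenticating or reading.
AUTHORIZED_SCANNERS = {"10.9.0.7"}

# Hypothetical: decoy credentials seeded on real endpoints. A decoy seeing one
# used tells you which endpoint the attacker harvested it from.
PLANTED_CREDENTIALS = {"svc_backup": "WS-FIN-117"}


def build_sessions(events):
    """Group events by source and order each session chronologically."""
    sessions = defaultdict(list)
    for ev in events:
        sessions[ev["src"]].append(ev)
    for src in sessions:
        sessions[src].sort(key=lambda e: datetime.fromisoformat(e["ts"]))
    return dict(sessions)


def classify(src, session):
    """Severity of one attacker session against the decoys."""
    actions = {e["action"] for e in session}
    decoys = {e["decoy"] for e in session}
    if src in AUTHORIZED_SCANNERS and actions <= {"connect"}:
        return "suppressed"          # scanner sweep, the one routine false positive
    if len(decoys) > 1:
        return "critical"            # moved between decoys: lateral movement
    if actions & {"auth", "read", "write", "exec"}:
        return "high"                # used credentials or touched decoy data
    return "medium"                  # connect only, from an unexpected host


def plan_actions(src, session, severity):
    """Turn a classified session into connector actions (returned, not executed)."""
    actions = []
    if severity == "suppressed":
        return actions
    users = sorted({e["user"] for e in session if "user" in e})
    # Ticketing and SIEM/EDR hunting happen for every real engagement.
    actions.append({"type": "ticket", "summary": f"Decoy engagement from {src} ({severity})",
                    "events": len(session)})
    actions.append({"type": "hunt", "ioc": {"src": src, "users": users}})
    if severity in ("high", "critical"):
        # Network containment via firewall/NAC, then endpoint quarantine of the
        # host the planted credential was seeded on (the likely initial foothold).
        actions.append({"type": "block_ip", "target": src})
        for user in users:
            host = PLANTED_CREDENTIALS.get(user)
            if host:
                actions.append({"type": "isolate_host", "target": host,
                                "reason": f"planted credential {user} used on decoy"})
    if severity == "critical":
        # EDR isolation of the attacking host itself (resolve IP to host in EDR).
        actions.append({"type": "isolate_host", "target": src,
                        "reason": "lateral movement across decoys"})
    return actions


def run_playbook(events):
    """Chronological session view plus planned response per attacking source."""
    report = {}
    for src, session in build_sessions(events).items():
        severity = classify(src, session)
        report[src] = {"severity": severity, "timeline": session,
                       "actions": plan_actions(src, session, severity)}
    return report


if __name__ == "__main__":
    for src, entry in run_playbook(SAMPLE_EVENTS).items():
        print(src, entry["severity"], [a["type"] for a in entry["actions"]])
```

The scanner allowlist is the one safety check worth keeping even in a fully automated flow: authorized scanners are the most common source of decoy connects, and the rule only suppresses connect-only sessions, so a scanner host that starts authenticating to decoys is still treated as compromised. Isolation targets the seeded endpoint before the attacking IP because the planted credential is direct evidence of where the attacker already has a foothold.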

“The most important thing you do is provide me alerts based on confirmed activity... you are my eyes and ears on the inside of my network... the nerve center”

Senior Director of Info Sec at Top 50 Retail Organization

Resources

Solution Brief
Distributed Deception Platforms for Automating Incident Response
Tony Cole, Attivo Networks CTO, at InfoSec Europe 2018
Partnering with Blue Coat to Improve Incident Response Time

Perspectives

Seven Steps to Simplify and Improve Your Incident Response
Attivo Networks rolls in incident response and controls into their deception
Teaming up with Check Point to Improve Detection and Accelerate Incident…

Spotlight

Attivo Networks ThreatOps
Platform Video


Speak to a Security Specialist

Ready to find out what the Attivo Networks solution can do for your organization? Our security experts are standing by, ready to answer your questions.

Ready to find out what’s lurking in your network?
