BOTsink®

The Attivo Networks® BOTsink® server provides the foundation for the ThreatDefend® Deception and Response Platform . Using dynamic deception techniques and a matrix of distributed decoy systems, the entire network becomes a trap designed to deceive attackers and their automated tools. As an early warning system for in-network threats, the Attivo Networks BOTsink solution quickly and accurately detects threats that have by bypassed other security controls. The solution efficiently detects attacker reconnaissance and lateral movement without relying on known attack patterns or signatures.

The Attivo deception solution works by projecting decoys that appear indistinguishable from real production assets and are designed to engage and misdirect an attacker. For authenticity, decoys run real operating systems and services and can be customized with production “golden images” to better blend in with other network assets. Out-of-the-box decoy deception campaigns cover a wide variety of attack surfaces and include configurations for identical appearance to production servers, endpoints, industrial control systems, IoT devices, point-of-sale units, network infrastructure and VOIP systems.

The Attivo Networks solution delivers substantiated engagement-based alerts with the details required for incident handling and response, in a format that’s designed for optimal attack information sharing and forensic reporting. Operators can view attack details within the threat intelligence dashboard that presents actionable, detailed, drill-downs, or through a variety of forensic reports. Over 30 native integrations with 3rd party tools provide automated blocking, quarantine to accelerate incident response, and support threat hunting.

Deception technology provides a full range of benefits that are unmatched by other security solutions for efficiently and effectively addressing security challenges.

BENEFITS

  • Accurate and early in-network threat detection for any threat vector
  • Comprehensive solution with scalability for evolving attack surfaces
  • Automated deployment and operation through Machine learning
  • Detailed attack and root cause analysis with substantiated alerts and forensic reporting 
  • Accelerated incident response through 3rd party integrations that automate isolation, blocking, and threat hunting

USE CASES

  • Detect lateral movement and internal reconnaissance
  • Credential theft detection (with – ThreatStrike™ Suite)
  • Accurate external adversary, insider and supplier threat visibility
  • Improve threat response and verify reliability of existing security controls
  • Detect malware infection and slow its spread
  • Specialty Detections: datacenter, user networks, Cloud, IoT, POS, SCADA, telecom, router, application decoys, SWIFT, database, DecoyDocs