Attivo Networks Provides First Deception-based Threat Detection Platform for Internet of Things (IoT)

Detection Platform Addresses Gaps in IoT Security with Real-time Threat Detection and Attack Forensics for Accelerated Incident Response

May 25, 2016


FREMONT, Calif., May 24, 2016— Attivo Networks®, the award-winning leader in deception for cyber security threat detection, today announced an expansion of the Attivo Deception Platform, which provides real-time threat detection and accelerated incident response, to now support the Internet of Things (IoT) ecosystem. This new enhancement complements the existing Deception Platform that supports user networks, data centers, cloud and ICS-SCADA environments. “Gartner forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015”[1], bringing a whole new set of cybersecurity risks and the need for real-time attack detection.

IoT systems are network-connected devices that collect and exchange data, allowing enterprises to increase efficiency and productivity. IoT networks bring in a diverse range of connected devices and can introduce multiple points of vulnerability in the networks. High availability and safety are important attributes of IoT deployments, and downtime of IoT sensors or networks can cause significant damage to an organization and, in some cases, to public safety. Just a few of the security challenges that these devices bring include a dramatic increase in unauthorized access, weak encryption, targeted attacks exploiting vulnerabilities in vendor software, weak passwords and many more. Once inside the network, attackers can use stolen credentials or move laterally to gain illegitimate access to company assets and information. Rich IoT targets include PACS (Picture archive and communications system) servers, which store critical patient data such as x-rays and other digital images, payment gateways for credit card processing, and other data gathering and aggregation frameworks.

The Attivo Networks Deception Platform is designed to detect cyber attackers regardless of whether the attack is a targeted, stolen credential, ransomware, or insider threat. Customers can configure the Attivo Deception Platform to look identical to IoT systems based on XMPP, CoAP, MQTT, HL7 and DICOM-based PACS servers in their networks. The Attivo BOTsink® engagement servers and decoys can then be customized to appear as production IoT sensors and servers, deceiving attackers into thinking they’re authentic. By engaging with decoys and not with production devices, attackers reveal themselves and can be quarantined and studied for detailed forensics that can be used for remediation and future prevention.

“With the growing number of IoT devices in production networks, even minor security issues can turn into significant problems. This new surge of IoT devices will be a cyber attacker’s playground with introduction of new data exchange mechanism and traditional security infrastructure being ill equipped to prevent threat actors from using these devices as an onramp to their network,” said Tushar Kothari, CEO of Attivo Networks. “Given the inability to run anti-virus or apply typical prevention measures, deception will play a critical role in the early threat detection and response to IoT cyberattacks.”

According to Gartner analysts Ray Wagner, Earl Perkins, Greg Young, Anmol Singh and Lawrence Orans in their December 2015 report Predicts 2016: Security for the Internet of Things, “Discovery, provisioning, authentication and data protection will account for 50% of all security spend for IoT through 2020… by year-end 2018, over 50% of IoT device manufacturers will remain unable to address product threats emanating from weak authentication practices.”

About Attivo Networks

Attivo Networks® is the leader in dynamic deception technology for the real-time detection, analysis and forensics of cyber-attacks. The Attivo Deception Platform provides inside-the-network threat detection for user networks, data centers, clouds, and ICS-SCADA environments. Not reliant on known signatures or attack patterns, Attivo uses high-interaction deception techniques based on Attivo BOTsink® engagement servers to lure attackers into revealing themselves. Combined with the Attivo End-Point Deception Suite, advanced luring technology is deployed to detect the use of stolen credentials, ransomware, and targeted attacks. Comprehensive attack analysis and forensics provide actionable alerts and can be set to automatically block and quarantine attacks for accelerated incident response. For more information visit

Follow Attivo Networks: Twitter and LinkedIn


Gary Thompson

Clarity Communications



[1] Gartner Press Release, 
