Provides Detection and Forensic Analysis for All Classes of Cyber Threats

January 27, 2016



Fremont, CA, January 26, 2016 — Attivo Networks®, the leader in deception for cyber security threat detection, today announced that it has expanded its Deception Platform to detect all classes of cyber threats including reconnaissance, stolen credentials, phishing, and ransomware attacks. Deception is a new approach to cyber security defense that employs highly efficient deception techniques to draw attackers into engaging, luring them away from company assets while giving organizations the much-needed time to identify and thwart an attack. With this expansion of the BOTsink® and end-point deception technologies, organizations can now benefit from additional functionality that can be used to deceive and stop attacks like CryptoLocker, KillDisk, and other file content altering attacks, and to safely quarantine and analyze phishing attacks.

“Attivo has taken a clear lead in the deception technology category based on customer deployments and the completeness of our solution,” comments Tushar Kothari, CEO of Attivo Networks.  “Our Deception Platform has proven itself to be the most comprehensive and effective solution in the market and this announcement demonstrates our commitment to building out both breadth and depth of deception solutions.  Our mission is very clear: we will defend our customers from every form of cyber attack with the real-time detection of breaches that have bypassed all other prevention defenses.”

The need for detecting inside-the-network threats that have bypassed prevention security solutions is growing swiftly, driven by the dramatic increase, expense, and maliciousness of breaches.  The Attivo Deception Platform is based on a comprehensive suite of deception engagement servers, deception luring technology and techniques, and on a highly sophisticated forensics and analysis correlation engine. The platform has proven to be a highly effective solution for detecting Advanced Persistent Threats (APTs) and BOTs that are running reconnaissance to mount their attacks, moving laterally throughout the network, and for detecting when attackers are trying to use stolen credentials. The BOTsink Multi-Dimensional Correlation Engine (MDCE) has now been enhanced to provide a safe “sandbox” environment to expand and activate suspect phishing emails. Additionally, the Attivo end-point deception lures have been enhanced to deceive attackers, luring them to the BOTsink engagement server for analysis and containment.

“Gartner believes that more lean-forward organizations should also leverage deception in-depth as a new strategy for comprehensive threat defense against the onslaught of advanced attackers and attack techniques,” comments Lawrence Pingree, Gartner Research Director in his report on deception techniques and technologies published last July.*

The phishing solution allows individuals to submit suspect emails to the BOTsink analysis engine. Here, the email will be analyzed, and reports created with associated industry threat classifications, empowering the team to promptly understand the threat and update prevention systems.

The Attivo end-point deception enhancements are designed to lure the attacker to the BOTsink engagement server, mitigating an attacker's opportunity to modify the disk contents of other devices. This new functionality will be effective for detecting threats like CryptoLocker and KillDisk, which are built to encrypt, infect or erase files. Once an attacker is lured to the BOTsink platform, the attack will be analyzed, alerts raised, and reports created for the immediate quarantining of the infected device.

Additionally, the new Attivo feature release includes enhancements to its deception technology and can now automatically deploy its engagement servers based on anomalous activity and draw attackers to BOTsink. Enhancements were also made to expand detection of attacks based on broadcast and multicast traffic.


* Gartner, Emerging Technology Analysis: Deception Techniques and Technologies Create Security Technology Business Opportunities, Lawrence Pingree, 16 July 2015

About Attivo Networks

Attivo Networks® is the leader in dynamic deception technology, which in real-time detects intrusions inside the network, data center, and cloud before the data is breached. Leveraging high-interaction deception techniques, the Attivo BOTsink® Solution lures BOTs and APTs to reveal themselves, without generating false positives. Designed for efficiency, there are no dependencies on signatures, database lookup or heavy computation to detect and defend against cyber threats. Attivo solutions capture full forensics and provide the threat intelligence to shut down current and protect against future attacks.

Follow Attivo Networks: Twitter and LinkedIn


Gary Thompson
Clarity Communications
415-963-4082 ext. 101
