Business Driver: Attivo Networks ThreatDefend Platform


What happens if the prey becomes the predator?


The traditional Cybersecurity approach is to protect against all threats and try to ward off attackers. Another plan of attack is to use threat deception and decoys to provide alerts if and when company resources are being reconnoitred by possible aggressors. Being forewarned allows the attacker to be observed and provides the opportunity for administrators to identify, monitor and discover the targets sought, thereby limiting the potential for future attacks. This technique also helps administrators to formulate policy-based defences based on real-world scenarios and observations. Threat deception technology acts as an early warning system that strengthens defences and prevents successful attacks proactively.


Value Proposition: Attivo Networks ThreatDefend Platform


Strengthening defences and setting up triggers and alerts is another layer in security. Taking a proactive approach will risk mitigation may prevent serious damage or theft of sensitive data improving your security profile and providing a source of actionable alerts.


    • Act proactively using advanced telemetry and reconnaissance to detect and repel attack threats


    • Provide decoys and honeypots to discover if your network has been compromised


    • Generate customised threat strategies that attract attackers


    • Enable forensic examination of attack vectors, domicile, ingress and egress


Attivo Networks – ThreatDefend Platform Overview


Attivo Network’s ThreatDefend Platform is a collection off modular applications that link together to provide formidable protection against attack. The ThreatDefend Platform is comprised of a series of modules that deliver the following;


Detect anomalous behaviour quickly without false alerts

  • Credential theft and transit routes
  • Evolving threat landscape
  • Changing attack surface
  • Threats posed by insider and external entities or actors


Defend with rapid incident response


  • Forensic attack analysis
  • Verified alerts
  • Automated incident response
  • Visualise threat vector path and traversal

Attivo Networks ThreatDefend Platform Overview


The Attivo Networks ThreatDefend Platform is comprised of the following products;


BOTsink and ThreatDirect


A series of decoys used to deceive attackers across all active surface areas with the capability to extend deception into Cloud, distributed or micro-segmented environments.


ThreatStrike and ADSecure


Bait and lure attackers with endpoint deception designed to capture credential threat and mitigate ransomware attacks. ADSecure provides the means to protect Active Directory against data gathering and proactively intercept attacks in real-time.


ThreatOps and ThreatPath


Automate incident response with repeatable defence playbooks and visualise infrastructure traversal mapping attack paths and exposed credentials


Links and Resources