Founded in 2011, Attivo has built a comprehensive deception platform, which in real-time detects inside-the-network intrusions in networks, public and private data centers, and Industrial Control System (ICS) SCADA devices. Founded on the premise that even the best security systems cannot prevent all attacks, Attivo provides the required visibility and actionable, substantiated alerts to detect, isolate, and defend against cyber attacks. Unlike prevention systems, Attivo assumes the attacker is inside the network and uses high-interaction end point, server, and application deception lures placed ubiquitously across the network to deceive BOTs/APTs into revealing themselves. With no dependencies on signatures or attack pattern matching, the BOTsink deception server is designed to detect APTs, HTTPS, zero-day, and stolen credential attacks. The Attivo AMR engine captures and analyzes attacker IPs, methods, and actions that can then be viewed in the Attivo Threat Intelligence Dashboard, can be exported in IOC, PCAP, STIX, CSV formats, or can be automatically updated into SIEM and prevention systems for infection blocking, isolation, and remediation.
Fremont, CA, 94539