Tech Library is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Attivo Networks

Attivo Networks®, the leader in lateral movement attack detection and privilege escalation prevention, delivers a superior defense for countering threat activity. Through cyber deception and other tactics, the Attivo ThreatDefend® Platform offers a customer-proven, scalable solution for denying, detecting, and derailing attackers and reducing attack surfaces without relying on signatures. The portfolio provides patented innovative defenses at critical points of attack, including at endpoints, in Active Directory, in the cloud, and across the entire network by preventing and misdirecting attack activity. Forensics, automated attack analysis, and third-party integrations streamline incident response. Deception as a defense strategy continues to grow and is an integral part of NIST Special Publications and MITRE® Shield, and its capabilities tightly align to the MITRE ATT&CK® Framework. Attivo has won over 130 awards for its technology innovation and leadership.

Our Website:

Latest Content From Attivo Networks

Whitepaper: Improve MITRE ATT&CK Test Results for Endpoint Security Using Deception

by Attivo NetworksJan 13, 2021

As part of its support for ATT&CK®, MITRE recently began evaluating vendor products, as a neutral authority, by testing the ability of specific solutions to detect inbound attacks based on the framework. While MITRE does not rate or recommend tools, the methodology serves as a useful benchmark for comparison. MITRE's evaluation methodology and evaluation results are all publicly available on the MITRE website.

Using this data, Attivo Networks® conducted a study to evaluate how endpoint security solutions performed within the MITRE evaluations individually and how the performance improved when used in conjuction with the Attivo EDN suite, based on existing capability mappings and the methodology provided. Attivo Networks completed evaluations using the MITRE ATT&CK® DIY Assessment tool for both the APT3 and APT29.

In this report, Dr. Edward Amoroso, CEO of TAG Cyber, outlines the results of a recent round of MITRE ATT&CK® testing performed for four top endpoint security tools. It presents and overview of the MITRE process, along with results for augmenting several endpoint security tools with a commercial deception solution from Attivo Networks, which produced an average increase of 42% in detection rate.

Whitepaper: Attivo Networks MITRE Shield Mapping

by Attivo NetworksJan 13, 2021

MITRE has launched a knowledge base named Shield that captures capabilities surrounding Active Defense and adversary engagements. The very first publication of this knowledge base is in the form of a matrix listing capabilities for Active Defense. Shield complements the MITRE ATT&CK knowledgebase (Adversarial Tactics, Techniques, and Common Knowledge), which is a highly-regarded tool in the Threat Intelligence Community for modeling cybersecurity threats. From a defender's perspective, the ATT&CK matrix provides a data model of how one should protect their enterprise against cybersecurity threats. Meanwhile, the Shield matrix provides the capabilities a defender must build for an Active Defense and adversary engagement in a post-breach situation.

Attivo evaluated its ThreatDefend® Platform capabilities against all Active Defense techniques and use cases documented per technique in the MITRE Shield Knowledge base. Download this paper to learn how the ThreatDefend components provide the building blocks needed for an Active Defense strategy.

Whitepaper: Accelerating SolarWinds Incident Response for Rapid Lateral Movement Detection

by Attivo NetworksJan 13, 2021

The SolarWinds breach is a prime example of an ongoing supply chain breach, and one should be aware that this has happened in the past and will happen again. As with any breach, discovering an attacker inside the network is extremely alarming. The focus should be to detect the attacker's attempts to move laterally in the network, evaluate their privileges, minimize their window of opportunity, and shut them out as fast as possible. This latest compromise with SolarWinds has magnified the impact as all their customers inherited the backdoor by following industry best practices to keep their software updated.

Download this solutions brief for more visibility on the anatomy of the attack and how Attivo Networks solutions can help

Whitepaper: Attivo Networks in a Zero Trust Architecture

by Attivo NetworksJan 13, 2021

As organizations increasingly move to cloud services, have more work locations, adopt Bring-Your-Own-Devices policies, and deploy Internet of Things (IoT) devices into their networks, their traditional way to protect a network perimeter must change. The castle-and-moat model of hardening network perimeters to prevent a compromise can no longer effectively provide security in a world of increasingly advanced and sophisticated threats. The Zero Trust model of security arose to address these threats.

Implementing a fully executed Zero Trust architecture is likely beyond the reach of most organizations today. However, by starting with individual capabilities that operate in complementary layers within the Zero Trust model, organizations will realize many benefits from an architecture built on conditional access control.

Most organizations will start Zero Trust with a focus on users and devices. Attivo Networks adds another layer of access control that focuses on applications and data to protect authorizations. The company's Zero Trust architecture, particularly in areas of data trust and application trust. Its deception and concealment technologies add a layer of controlled access management for organizations to validate user access to data and resources beyond the initial authorization.

Whitepaper: Calculating ROI for Attivo Deception and Concealment Technology

by Attivo NetworksJan 13, 2021

Today's information security landscape demands a layered defense but justifying the value of any single security control is always a challenge. As security professionals, CFOs, and other vital decision-makers recognize, there is no such thing as a silver bullet or a one-size-fits-all solution.

However, as shown by evaluating the Attivo solutions with the MITRE ATT&CK® and Shield frameworks, there is a demonstrable boost in performance and detection coverage.

Attivo's deception and concealment technologies can provide real, tangible, bottom-line benefits to organizations that choose to use them. This paper provides a comprehensive overview of the benefits and cost savings achieved through the use of Attivo Networks solutions.