

Attivo Networks

Attivo Networks®, the leader in identity detection and response, delivers a superior defense for preventing privilege escalation and lateral movement threat activity. Customers worldwide rely on the ThreatDefend® Platform for unprecedented visibility to risks, attack surface reduction, and attack detection. The portfolio provides patented innovative defenses at critical points of attack, including at endpoints, in Active Directory, and cloud environments. Data concealment technology hides critical AD objects, data, and credentials, eliminating attacker theft and misuse, particularly useful in a Zero Trust architecture. Bait and misdirection efficiently steer attackers away from production assets, and deception decoys obfuscate the attack surface to derail attacks. Forensic data, automated attack analysis, and automation with third-party integrations serve to speed threat detection and streamline incident response. ThreatDefend capabilities tightly align to the MITRE ATT&CK Framework, and deception and denial are now integral parts of NIST Special Publications and MITRE Shield active defense strategies. Attivo has 150+ awards for technology innovation and leadership.


Latest Content From Attivo Networks

Whitepaper: Simple Solutions for Continuous Visibility to Active Directory Exposures & Live Attacks

by Attivo Networks, Sep 08, 2021

Active Directory is a prime target during cyberattacks because it is the source of truth for all resources across the enterprise. Securing it should be top of mind for security professionals everywhere.

  • 90% of enterprises globally use Active Directory
  • Attackers target 95 million AD accounts daily
  • 80% of attacks include compromising AD

Attackers compromise endpoints and target data on the AD controllers to progress the attack, then use it to identify high-value targets, gain privileged access, and obtain domain dominance.

Traditional approaches, such as periodic Active Directory assessments or constant log analysis combined with SIEM correlation, are complicated, exhaustive, and expensive, often resulting in attacker activities going undetected. Organizations of all sizes need simple and inexpensive solutions for continuously assessing Active Directory cyber hygiene, identifying specific domain, computer, and user-level risks, and detecting live attacks on AD. Learn more in this solution brief.

Whitepaper: Identity Detection & Response (IDR) as a Solution for Identity-Based Attacks

by Attivo Networks, Sep 08, 2021

Identity Detection and Response (IDR) is a new security category explicitly designed to protect identities and the systems that manage them. IDR is not a replacement for but a complement to Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Network Detection and Response (NDR, formerly known as Network Traffic Analysis), and other detection solutions.

IDR is unlike these other solutions in that it looks for credential theft, misuse, privilege escalation, and identity exposures that create attack opportunities. IDR fills a significant gap in the identity security landscape, differentiating itself from identity protection systems such as Identity and Access Management (IAM), Privileged Access Management (PAM), or Identity Governance and Administration (IGA) that secure authentication and authorization. It represents a significant step forward, marking the introduction of a new category of security solutions.

Whitepaper: Understanding the Most Common Lateral Movement Attack Tactics

by Attivo Networks, Sep 08, 2021

Protecting against today's most dangerous lateral movement tactics is increasingly critical, especially with Active Directory (AD) as vulnerable as it is. Attackers use a wide range of strategies to move about undetected, developing their plan of attack within the network. For defenders, understanding the specific tactics attackers use is a critical part of lateral movement detection. Knowing the tactics and strategies outlined in this paper gives defenders a significant leg up to identify attackers and stop them in their tracks.

Whitepaper: Questions to Ask in Evaluating a Deception-Based Cybersecurity Solution

by Attivo Networks, Sep 08, 2021

Deception technology focuses on in-network detection, closing visibility gaps, concealing sensitive and critical information, and misdirecting attacks away from production assets, thus giving defenders the advantage. When an organization is reviewing any cyber deception solution, there are some basic questions they need to address. While not all deception technologies are created equal, this guide should provide useful benchmarks to evaluate and assess any deception technology vendor in question against an organization's business and environmental needs (with a checklist to help assess the options).

Whitepaper: Defend Against Credential-based & Privilege Escalation Attacks

by Attivo Networks, Sep 08, 2021

Giving the right user secure access to a system, resource, application, or network hinges on one thing — accurately confirming the user's identity. Organizations often rely on directory services such as Active Directory (AD) to authorize account access by verifying a username and password combination. The problem is that attackers can steal and misuse these credentials for malicious purposes, and the organization would never know. Since the credential is valid, the attacker gains access to everything the legitimate user has access to. If attackers steal credentials that have higher privileges to resources in the network, they can cause much damage.

To protect against credential-based attacks, organizations have implemented solutions such as Multifactor Authentication or Privileged Access Management that seek to curtail unauthorized access. However, these solutions still have gaps. Learn how to efficiently protect against credential-based and privilege escalation attacks in this paper.

Whitepaper: Get Continuous Visibility to Active Directory Exposures and Live Attacks

by Attivo Networks, Apr 23, 2021

Active Directory is a Microsoft product consisting of several services to administer permissions and access to networked resources on a Windows Network. Because it's the primary source of information for all enterprise resources and seamlessly integrates business applications, it's a high-value target for attackers.

Download this report to find out how you can achieve ongoing visibility into critical domain, computer, and user-level exposures and monitoring of Active Directory for activities that signify a possible attack.

Whitepaper: Build an Active Defense Strategy with MITRE Shield and Deception Technology

by Attivo Networks, Apr 23, 2021

The MITRE Shield matrix lists capabilities that help an enterprise to change an attack engagement from a defensive play to an offensive play. These range from basic defensive capabilities to cyber deception and adversary engagement operations. In this paper, Attivo evaluates the ThreatDefend® platform against all Active Defense techniques and use cases documented per technique by the MITRE Shield knowledge base to illustrate its comprehensive coverage.

Whitepaper: Supply Chain Attack Detection

by Attivo Networks, Mar 08, 2021

As organizations continue to embrace third-party vendors for software and applications, they expose themselves to potential risks in their supply chain. New types of attacks increase the risks associated with a supply chain attack considerably. Attackers have more resources and tools at their disposal than ever before, creating the perfect storm.

Whether big or small, every organization should thoroughly review its security landscape and implement supply chain security strategies. As software gets integrated into every third-party product and solution, it is essential to identify any potential weaknesses in a system and implement best-in-class solutions that mitigate the evolving threat landscape.

Whitepaper: Active Directory Protection Checklist

by Attivo Networks, Mar 08, 2021

The Active Directory (AD) environment is a primary target for attackers. However, protecting AD is a daunting task, made more difficult because AD administrators must balance operational requirements with restrictive security measures. Many solutions exist that can secure the AD infrastructure, but identifying the right solution that meets the risk profile for a particular organization can be challenging. Use this checklist to evaluate current AD security procedures to identify risks and gaps. Compare them against solution capabilities to address specific requirements.

Whitepaper: Attivo Networks MITRE Shield Mapping

by Attivo Networks, Jan 13, 2021

MITRE has launched a knowledge base named Shield that captures capabilities surrounding Active Defense and adversary engagements. The very first publication of this knowledge base is in the form of a matrix listing capabilities for Active Defense. Shield complements the MITRE ATT&CK knowledge base (Adversarial Tactics, Techniques, and Common Knowledge), which is a highly regarded tool in the Threat Intelligence Community for modeling cybersecurity threats. From a defender's perspective, the ATT&CK matrix provides a data model of how one should protect their enterprise against cybersecurity threats. Meanwhile, the Shield matrix provides the capabilities a defender must build for an Active Defense and adversary engagement in a post-breach situation.

Attivo evaluated its ThreatDefend® Platform capabilities against all Active Defense techniques and use cases documented per technique in the MITRE Shield knowledge base. Download this paper to learn how the ThreatDefend components provide the building blocks needed for an Active Defense strategy.