

Attivo Networks

Attivo Networks®, the leader in identity detection and response, delivers a superior defense for preventing privilege escalation and lateral movement threat activity. Customers worldwide rely on the ThreatDefend® Platform for unprecedented visibility to risks, attack surface reduction, and attack detection. The portfolio provides patented innovative defenses at critical points of attack, including at endpoints, in Active Directory, and cloud environments. Data concealment technology hides critical AD objects, data, and credentials, eliminating attacker theft and misuse, particularly useful in a Zero Trust architecture. Bait and misdirection efficiently steer attackers away from production assets, and deception decoys obfuscate the attack surface to derail attacks. Forensic data, automated attack analysis, and automation with third-party integrations serve to speed threat detection and streamline incident response. ThreatDefend capabilities tightly align to the MITRE ATT&CK Framework, and deception and denial are now integral parts of NIST Special Publications and MITRE Shield active defense strategies. Attivo has 150+ awards for technology innovation and leadership.


Latest Content From Attivo Networks

Whitepaper: Improve MITRE ATT&CK Test Results for Endpoint Security Using Deception

by Attivo Networks, Jan 13, 2021

As part of its support for ATT&CK®, MITRE recently began evaluating vendor products, as a neutral authority, by testing the ability of specific solutions to detect inbound attacks based on the framework. While MITRE does not rate or recommend tools, the methodology serves as a useful benchmark for comparison. MITRE's evaluation methodology and evaluation results are all publicly available on the MITRE website.

Using this data, Attivo Networks® conducted a study to evaluate how endpoint security solutions performed within the MITRE evaluations individually and how their performance improved when used in conjunction with the Attivo EDN suite, based on existing capability mappings and the methodology provided. Attivo Networks completed evaluations using the MITRE ATT&CK® DIY Assessment tool for both APT3 and APT29.

In this report, Dr. Edward Amoroso, CEO of TAG Cyber, outlines the results of a recent round of MITRE ATT&CK® testing performed for four top endpoint security tools. It presents an overview of the MITRE process, along with results for augmenting several endpoint security tools with a commercial deception solution from Attivo Networks, which produced an average increase of 42% in detection rate.

Whitepaper: Attivo Networks MITRE Shield Mapping

by Attivo Networks, Jan 13, 2021

MITRE has launched a knowledge base named Shield that captures capabilities surrounding Active Defense and adversary engagement. The first publication of this knowledge base takes the form of a matrix listing capabilities for Active Defense. Shield complements the MITRE ATT&CK knowledge base (Adversarial Tactics, Techniques, and Common Knowledge), which is a highly regarded tool in the threat intelligence community for modeling cybersecurity threats. From a defender's perspective, the ATT&CK matrix provides a data model of how one should protect an enterprise against cybersecurity threats. Meanwhile, the Shield matrix provides the capabilities a defender must build for Active Defense and adversary engagement in a post-breach situation.

Attivo evaluated its ThreatDefend® Platform capabilities against all Active Defense techniques and use cases documented per technique in the MITRE Shield Knowledge base. Download this paper to learn how the ThreatDefend components provide the building blocks needed for an Active Defense strategy.

Whitepaper: Accelerating SolarWinds Incident Response for Rapid Lateral Movement Detection

by Attivo Networks, Jan 13, 2021

The SolarWinds breach is a prime example of an ongoing supply chain breach, and one should be aware that this has happened in the past and will happen again. As with any breach, discovering an attacker inside the network is extremely alarming. The focus should be to detect the attacker's attempts to move laterally in the network, evaluate their privileges, minimize their window of opportunity, and shut them out as fast as possible. This latest compromise with SolarWinds has magnified the impact, as all of their customers inherited the backdoor by following the industry best practice of keeping their software updated.

Download this solution brief for more visibility into the anatomy of the attack and how Attivo Networks solutions can help.

Whitepaper: Attivo Networks in a Zero Trust Architecture

by Attivo Networks, Jan 13, 2021

As organizations increasingly move to cloud services, support more work locations, adopt Bring-Your-Own-Device policies, and deploy Internet of Things (IoT) devices into their networks, their traditional way of protecting a network perimeter must change. The castle-and-moat model of hardening network perimeters to prevent a compromise can no longer effectively provide security in a world of increasingly advanced and sophisticated threats. The Zero Trust model of security arose to address these threats.

Implementing a fully executed Zero Trust architecture is likely beyond the reach of most organizations today. However, by starting with individual capabilities that operate in complementary layers within the Zero Trust model, organizations will realize many benefits from an architecture built on conditional access control.

Most organizations will start Zero Trust with a focus on users and devices. Attivo Networks adds another layer of access control that focuses on applications and data to protect authorizations. The company's solutions fit into a Zero Trust architecture, particularly in the areas of data trust and application trust. Its deception and concealment technologies add a layer of controlled access management that lets organizations validate user access to data and resources beyond the initial authorization.

Whitepaper: Calculating ROI for Attivo Deception and Concealment Technology

by Attivo Networks, Jan 13, 2021

Today's information security landscape demands a layered defense, but justifying the value of any single security control is always a challenge. As security professionals, CFOs, and other vital decision-makers recognize, there is no such thing as a silver bullet or a one-size-fits-all solution.

However, as shown by evaluating the Attivo solutions with the MITRE ATT&CK® and Shield frameworks, there is a demonstrable boost in performance and detection coverage.

Attivo's deception and concealment technologies can provide real, tangible, bottom-line benefits to organizations that choose to use them. This paper provides a comprehensive overview of the benefits and cost savings achieved through the use of Attivo Networks solutions.

Whitepaper: Supply Chain Attack Detection

by Attivo Networks, Mar 08, 2021

As organizations continue to embrace third-party vendors for software and applications, they expose themselves to potential risks in their supply chain. New types of attacks increase the risks associated with a supply chain attack considerably. Attackers have more resources and tools at their disposal than ever before, creating the perfect storm.

Whether big or small, every organization should thoroughly review its security landscape and implement supply chain security strategies. As software gets integrated into every third-party product and solution, it is essential to identify any potential weaknesses in a system and implement best-in-class solutions that mitigate the evolving threat landscape.

Whitepaper: Active Directory Protection Checklist

by Attivo Networks, Mar 08, 2021

The Active Directory (AD) environment is a primary target for attackers. However, protecting AD is a daunting task, made more difficult because AD administrators must balance operational requirements with restrictive security measures. Many solutions exist that can secure the AD infrastructure, but identifying the right solution that meets the risk profile for a particular organization can be challenging. Use this checklist to evaluate current AD security procedures to identify risks and gaps. Compare them against solution capabilities to address specific requirements.

Whitepaper: Get Continuous Visibility to Active Directory Exposures and Live Attacks

by Attivo Networks, Apr 23, 2021

Active Directory is a Microsoft product consisting of several services that administer permissions and access to networked resources on a Windows network. Because it is the primary source of information for all enterprise resources and seamlessly integrates business applications, it is a high-value target for attackers.

Download this report to find out how you can achieve ongoing visibility into critical domain, computer, and user-level exposures and monitoring of Active Directory for activities that signify a possible attack.

Whitepaper: Build an Active Defense Strategy with MITRE Shield and Deception Technology

by Attivo Networks, Apr 23, 2021

The MITRE Shield matrix lists capabilities that help an enterprise to change an attack engagement from a defensive play to an offensive play. These range from basic defensive capabilities to cyber deception and adversary engagement operations. In this paper, Attivo evaluates the ThreatDefend® platform against all Active Defense techniques and use cases documented per technique by the MITRE Shield knowledge base to illustrate its comprehensive coverage.

Whitepaper: Defend Against Credential-based & Privilege Escalation Attacks

by Attivo Networks, Sep 08, 2021

Giving the right user secure access to a system, resource, application, or network hinges on one thing — accurately confirming the user's identity. Organizations often rely on directory services such as Active Directory (AD) to authorize account access by verifying a username and password combination. The problem is that attackers can steal and misuse these credentials for malicious purposes, and the organization would never know. Since the credential is valid, the attacker gains access to everything the legitimate user has access to. If attackers steal credentials that have higher privileges to resources in the network, they can cause much damage.

To protect against credential-based attacks, organizations have implemented solutions such as Multifactor Authentication or Privileged Access Management that seek to curtail unauthorized access. However, these solutions still have gaps. Learn how to efficiently protect against credential-based and privilege escalation attacks in this paper.