TrustRadius: an HG Insights company

Attivo BOTsink

Score: 8.3 out of 10

3 Reviews and Ratings

What is Attivo BOTsink?

Attivo BOTsink is a deception-based threat detection and response platform designed to identify and respond to cyber threats in real-time. According to the vendor, this solution creates a decoy environment that redirects attackers away from critical assets, allowing for early detection and analysis of their activities. Attivo BOTsink is suitable for organizations of all sizes, including small businesses and large enterprises. It is commonly used by IT security professionals, Security Operations Center (SOC) analysts, network administrators, as well as industries such as financial services and healthcare.

Attivo BOTsink prevents attacks over large attack surfaces

Use Cases and Deployment Scope

Normally any threat in the network persists due to lateral movement, and Attivo BOTsink detects exactly that and helps in machine-learning-based behaviour and blocking of threats. It projects decoys in such a way that it's difficult to distinguish them from the real assets of the enterprise. This deception technique covers a wide variety of attack surfaces and configurations for identical appearance.

Pros

  • Detection of lateral movement
  • Deceptive projection of assets identical to production systems
  • Blocks threats over large attack surfaces
  • It helped reduce efforts of Cyber Security team by 20%

Cons

  • More fine tuning of threat detection capabilities needed
  • Users should be able to modify AIML configuration
  • Improving the display dashboard

Most Important Features

  • Automated deployment
  • Detailed root cause analysis
  • Accelerated incident response

Return on Investment

  • Helped reduce 20% of Security team's time in threat detection
  • Reduction of 40% of attacks
  • Automated deployment helped in improving efficiency of the team by 30%

Alternatives Considered

SentinelOne Singularity and Zscaler Deception

Other Software Used

SentinelOne Singularity, Zscaler Deception, Smokescreen IllusionBlack, from Zscaler

Attivo BOTsink - Detect network security threats in real time

Use Cases and Deployment Scope

We use Attivo BOTsink to detect network security events and to identify unusual behavior. Some behaviors which Attivo BOTsink has detected are MITM attacks, directory enumeration, TCP scans, and other network scanning procedures.

Pros

  • Identifies devices
  • Provides threat details in real time
  • Provides network topology with potential threat paths

Cons

  • Dashboard is difficult to navigate
  • Configuring alerts is time consuming
  • Many false positives

Most Important Features

  • Live decoy machines to detect threats
  • ThreatPath
  • ThreatStrike - decoy user accounts

Return on Investment

  • Advanced reporting has saved us from hiring additional personnel to monitor security threats
  • Real time identification of threats saves response time from actual breach
  • Third-party needed to be leveraged to help configure Attivo BOTsink

Other Software Used

ADAssessor, Arctic Wolf Managed Risk, Sophos Intercept X for Server, Sophos Intercept X, Cisco DNA Center, Cisco DNA Spaces, FortiClient, FortiMail