Attivo BOTsink

Normally any threat in the network persists due to lateral movement and Attivo BoTsink detects exactly that and helps in machine learning based behaviour and blocking of threats. It projects decoys in such a way that it's difficult to distinguish with real assets of enterprise. This deception technique covers wide variety of attack surfaces and configurations for identical appearance

It is best suited when deployed at perimeter and integrated with SIEM and SOAR solution. It will be able to replicate assets and display realistic configurations making difficult for hackers. We were able to avoid or block 40% of attacks targetted to our critical servers and could easily identify threat actors.

We use Attivo BOTsink to detect network security events and to identify unusual behavior. Some behaviors which Attivo BOTsink has detected are MITM attacks, directory enumeration, TCP scans, and other network scanning procedures.

Attivo BOTsink is a great network security tool for organizations that may not have a dedicated security team, but need to have threats reported in real time. It seems well suited for medium to large sized organizations that may have several subnets, VLANs, and remote locations.