TrustRadius: an HG Insights company

Attivo Endpoint Detection Net (EDN)

Score: 7 out of 10

6 Reviews and Ratings

What is Attivo Endpoint Detection Net (EDN)?

The Attivo Endpoint Detection Net (EDN) is an agentless product designed to complement existing endpoint security solutions by detecting an attacker early in the attack cycle, preventing them from stealing credentials and establishing a foothold. The EDN product tackles endpoint security challenges head-on by making every endpoint a decoy, designed to disrupt an attacker’s ability to break out and further infiltrate the network.

Top Performing Features

  • Centralized Management

    Centralized management supporting multi-factor authentication, customized views, and role-based access control.

    Category average: 8.5

  • Anti-Exploit Technology

    In-memory and application-layer attack blocking (e.g. ransomware)

    Category average: 8.6

  • Vulnerability Management

    Vulnerability prioritization for fixes.

    Category average: 8.3

Areas for Improvement

  • Infection Remediation

    Capability to quarantine infected endpoint and terminate malicious processes.

    Category average: 8.8

  • Endpoint Detection and Response (EDR)

    Continuous monitoring and response to advanced internet threats by endpoint agents.

    Category average: 9.1

  • Hybrid Deployment Support

    Administrators should be able to choose endpoint security on-premise, cloud, or hybrid.

    Category average: 8.3

Attivo Endpoint Detection Net (EDN)! The sweetest honeypot amongst all

Use Cases and Deployment Scope

We are using Attivo Endpoint Detection Net (EDN) to deploy breadcrumbs/deceptive tokens on production endpoints that mimic the servers and the data residing on them. Furthermore, we have used Attivo Endpoint Detection Net (EDN) to build profiles to set up a decoy environment on our production servers. Through Attivo Endpoint Detection Net (EDN) we have mapped a deflect profile to deflect malicious communication to engagement virtual machines.

Pros

  • To mimic production servers to deceive attackers
  • To detect the lateral movement of an adversary through machine learning algorithms
  • To feed dummy data onto production servers through the ThreatStrike feature

Cons

  • Attivo Endpoint Detection Net (EDN) should have the capability to collect forensics packages from compromised systems, in my opinion.
  • I believe the automatic phishing email detection capability should be improved to meet industry requirements for tackling the phishing attack vector.
  • Malware detection capabilities should be improved to work at kernel level for better visibility, in my opinion.

Return on Investment

  • Attivo Endpoint Detection Net (EDN) helps to protect information; hence it secures sensitive data, and therefore the ROI is better, as losing the data is much more costly as per our Business Impact Analysis.
  • In a small organization the ROI is not effective, as the cost of Attivo Endpoint Detection Net (EDN) is a bit high and the data being protected through EDN is not a high-value asset, in my opinion.
  • It is a better technology for detecting cyber threats, so in any case it is recommended for a better security posture.

Alternatives Considered

Red Canary, FortiDeceptor and CounterCraft

Other Software Used

Arbor Sightline, FortiAnalyzer, Vectra Threat Detection & Response Platform
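The breadcrumb-and-decoy workflow the reviewer describes (deceptive credentials dropped on production endpoints that point at fake servers, with any use of those credentials treated as an intrusion) can be shown end to end in a few dozen lines. The block below is an added example written for this page; it is not Attivo's code and does not use the EDN product or its API. The endpoint names, decoy hostnames, the deployment key, the logon-event line format and the log lines themselves are all constructed for the illustration.

```python
"""Endpoint deception tokens: plant decoy credentials, alert on any use.

Added example for this review; it is not Attivo code and does not use the
EDN API. The endpoint names, decoy hostnames, log format and log lines
below are all constructed for the illustration.
"""
import hashlib
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Honeytoken:
    username: str
    decoy_host: str   # the fake server this credential appears to unlock
    planted_on: str   # the real endpoint the breadcrumb was dropped on


def mint_honeytokens(endpoint: str, decoy_hosts: list[str], key: bytes) -> list[Honeytoken]:
    """One decoy account per (endpoint, decoy host) pair.

    The username ends in a keyed-hash tag of the endpoint name, so an alert
    identifies which machine the attacker harvested the token from, while the
    tag itself is not guessable. `key` is an assumed deployment-time secret.
    """
    tokens = []
    for host in decoy_hosts:
        tag = hashlib.blake2b(f"{endpoint}|{host}".encode(), key=key,
                              digest_size=3).hexdigest()
        tokens.append(Honeytoken(f"svc_{host.split('.')[0]}_{tag}", host, endpoint))
    return tokens


def render_rdp_breadcrumb(tok: Honeytoken) -> str:
    """Saved-connection file (.rdp syntax) an attacker expects to find on a
    workstation; it points at the decoy host under the decoy account."""
    return (f"full address:s:{tok.decoy_host}\r\n"
            f"username:s:{tok.username}\r\n"
            "prompt for credentials:i:0\r\n")


def build_registry(all_tokens: list[Honeytoken]) -> dict[str, Honeytoken]:
    """Case-insensitive lookup of decoy usernames for the detector."""
    return {t.username.lower(): t for t in all_tokens}


# Constructed logon-event format (assumption): one key=value line per logon.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=logon user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def detect_token_use(log_lines: list[str], registry: dict[str, Honeytoken]) -> list[dict]:
    """Any logon naming a decoy account is an alert, success or failure:
    no legitimate process ever uses these credentials, so the false-positive
    rate is near zero and a failed attempt still shows the token being tried."""
    alerts = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        tok = registry.get(m["user"].lower())
        if tok is None:
            continue
        alerts.append({
            "time": m["ts"],
            "src": m["src"],                   # where the attacker is operating from
            "harvested_from": tok.planted_on,  # endpoint the breadcrumb sat on
            "tried_against": m["host"],        # host that saw the logon attempt
            "result": m["result"],
        })
    return alerts


def run_demo() -> list[dict]:
    key = b"deployment-secret-rotate-me"  # assumed; never written into a breadcrumb
    decoys = ["fs01.corp.example", "sql02.corp.example"]
    fleet = {ws: mint_honeytokens(ws, decoys, key) for ws in ["WS-FIN-07", "WS-HR-12"]}
    registry = build_registry([t for toks in fleet.values() for t in toks])

    stolen = fleet["WS-FIN-07"][1]  # attacker lifted the sql02 breadcrumb from WS-FIN-07
    logs = [  # constructed events; the decoy account is tried in upper case
        "2024-05-01T10:03:22Z host=fs01 event=logon user=alice src=10.0.1.20 result=success",
        f"2024-05-01T10:07:41Z host=sql02 event=logon user={stolen.username.upper()} "
        "src=10.0.1.77 result=failure",
        "2024-05-01T10:08:02Z host=sql02 event=logon user=dba_bob src=10.0.1.30 result=success",
    ]
    return detect_token_use(logs, registry)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The alert carries both the source of the logon and the endpoint whose breadcrumb was harvested, which gives the lateral-movement path (source host to harvested workstation to targeted server) without any behavioural model. The network-side half the reviewer mentions, deflecting connections to non-existent decoy hosts into engagement VMs, is a DNS/routing concern and is not shown here.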