Attivo Networks has announced that its Attivo ThreatDefend now integrates with the McAfee ePolicy Orchestrator (ePO) platform to provide a comprehensive solution for advanced threat management and response. This technology integration combines the Attivo ThreatDefend Platform with the McAfee ePO console for increased detection of in-network threats, detailed attack forensics, and accelerated incident response. Additionally, the company has joined the McAfee Security Innovation Alliance (SIA) partner program. Under the SIA program, the companies will work together to integrate ThreatDefend technology with McAfee Advanced Threat Defense, providing customers an adaptive defense solution to combat modern-day advanced threats.
The Attivo Networks ThreatDefend Platform creates an in-network deception environment designed to outmaneuver modern-day attackers and deceive them into revealing their presence. Changing the balance of power, the platform makes the entire network a trap and creates a setting where what is real and what is not becomes unclear to the attacker. One wrong move and the attacker’s presence is exposed. High-interaction network and endpoint deception lures and decoys reduce time to detection, while automated attack analysis, high-fidelity alerts, third-party integrations, and playbooks accelerate incident response. Visibility tools provide attack path vulnerability assessments and time-lapsed replays, empowering teams with insight into attacker lateral movement and security gaps. With the ThreatDefend solution, customers can conveniently start with base detection capabilities and expand platform usage based upon their business requirements.
Attivo ThreatDefend technology integration with McAfee ePO ensures a frictionless deployment of the Attivo ThreatStrike suite across multiple endpoints simultaneously. When attackers attempt to harvest deceptive credentials, extract information, or encrypt mapped drives, they are directed to the Attivo BOTsink engagement server’s automated threat analysis (ATA) engine, which identifies the infected system, captures the tools, techniques, and procedures (TTPs), and relays an engagement-based alert to McAfee ePO, arming security teams with critical information to promptly quarantine infected systems and mitigate ongoing risks.
The compatibility certification also includes Attivo ThreatDefend platform integration with McAfee Enterprise Security Manager, where the combined solution adds value to an organisation’s threat management infrastructure through streamlined information sharing and response automation. This joint solution provides visibility and control over security events by helping cut through the noise of billions of logged events, in turn empowering prioritisation of critical incidents and early response and remediation to high-fidelity alerts, leading to a reduction in the organisation’s risk of breaches and data loss.
“Together, these solutions empower customers to continuously monitor their network health, gauge anomalies in real-time, and automate incident response,” said Attivo Networks CEO, Tushar Kothari. “This certification serves as validation that the solution has passed rigorous compatibility testing and is ready for enterprise-grade deployment. We are also excited to be a part of the McAfee Security Innovation Alliance program, where we can work together to help customers build an adaptive security defense against advanced threats.”
As part of the commitment by Attivo Networks and McAfee to provide advanced security solutions to protect against cyber threats, the unified solution is designed to both expand centralised visibility and management of attacks and drive continuous improvements that help detect new threats faster and enable automated workflows to rapidly correct them.