FREMONT, CA--(Marketwired - Dec 14, 2015) - Attivo Networks®, an innovator in deception technology for cyber security defense, today announced that its deception-based Attivo BOTsink® solution is now available as an integrated solution with McAfee® Network Security Platform (NSP). The BOTsink solution will add insight into McAfee Network Security Platform providing additional and detailed forensic information on attacker methods and malicious domains. It also provides Snort signatures based on Botnet methods and behavior that can be used to block infected systems from exfiltrating valuable company data or other malicious activities. Attivo also announced that it has joined the Intel® Security Innovation Alliance™ partner program. Under the Innovation Alliance program, Attivo and Intel Security will work together to drive continuous improvement and integrations to simplify an organization's ability to quickly detect, block, quarantine, and remediate against cyber threats.
The Attivo deception platform provides an additional line of cyber defense by detecting inside-the-network threats. Once an attacker is engaged, the events are fed into the Attivo multidimensional correlation engine to generate an attack sequence. As part of this process, the Attivo BOTsink will let the attack continue and talk to the Command and Control (C&C) server through its sinkhole so the attack sequence can be played out and an attacker's methods understood. As the forensic data is collected, the information can be added to McAfee Network Security Platform so that the infection can be isolated and corrective actions taken. This process can be applied to gain an additional understanding of zero-day attacks, HTTPs, and the increasingly challenging issue of phishing.
Phishing has become a favorite method to exploit unsuspecting employees. Social networking had made it easy for attackers to send targeted mail to victims with high rates of engagement success. A benefit of the Intel Security and Attivo integration is the ability to redirect employee C&C communications to the BOTsink solution where access of URL's in a phishing email or malware downloads can be simulated in a controlled sandbox environment. This will enable organizations to determine if the email is malicious and to gain a better understanding of the phisher's intent.
"The Attivo technology brings complementary functionality to McAfee Network Security Platform by providing access to forensic evidence helpful in isolating and responding to a cyber-attack," said D.J. Long, Head of the Intel Security Innovation Alliance. "With the Attivo BOTsink deception platform, our joint customers have access to additional forensic data and reporting that can help them determine an attacker's objectives more quickly and to respond to the attack as needed."