Decoy server for complex networks

B2B Cyber Security ShortNews


BOTsink 7500: a high-end decoy server for complex networks. Attivo Networks has added a high-end model to its BOTsink family of network-based threat detection appliances.

Attivo's BOTsink servers give security teams a way to detect, analyze and respond to network-based attacks. They complement Attivo's EDN (Endpoint Detection Net) suite, which targets credential-based attacks.

As an early warning system inside the network, BOTsink identifies threats that have slipped past other security controls. Because the detection is triggered by an attacker's interaction with a decoy rather than by matching known attack patterns or signatures, it picks up lateral movement precisely and can, for example, catch privilege escalation attempts before they succeed. Using dynamic deception techniques and a matrix of distributed deception systems, BOTsink turns the entire network into a trap designed to detect and stop attackers and their automated tools.

Leading attackers down the wrong track

The Attivo solution simulates assets that are attractive to attackers and indistinguishable from real ones, so that an intruder wastes effort on them and reveals himself. The decoy servers run complete operating systems and offer real services, and operators can plant particularly tempting lures (breadcrumbs such as credentials or share mappings) on other network components that point attackers toward the decoys. Ready-to-use deception campaigns cover a wide variety of attack vectors and include configurations that appear identical to production servers, endpoints, industrial control systems, IoT, point-of-sale or VoIP systems, and infrastructure components.
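The two paragraphs above describe the core idea of deception-based detection: a decoy host or a planted breadcrumb credential has no legitimate user, so any interaction with it is hostile by definition and no signature is needed. The following is an added illustration of that principle, not Attivo's code or configuration; the decoy addresses, the breadcrumb account name and the traffic events are all constructed for the example.

```python
"""Minimal deception matrix: decoy hosts plus a breadcrumb credential.
Added example, not Attivo's code; every address and account here is constructed."""
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Optional

# Constructed decoy inventory (assumption, not Attivo's configuration):
# decoy addresses that no production system is ever configured to use.
DECOY_HOSTS = {
    "10.0.5.201": "win-fileserver-decoy",
    "10.0.5.202": "linux-db-decoy",
}
# Constructed breadcrumb: a credential planted in real endpoints' caches that
# no legitimate process uses, so any authentication attempt with it is hostile.
BREADCRUMB_USERS = {"svc_backup_legacy"}


@dataclass
class Event:
    ts: int                      # seconds since start of the capture window
    src: str                     # source IP
    dst: str                     # destination IP
    dport: int                   # destination port
    user: Optional[str] = None   # account used for an authentication attempt


@dataclass
class Alert:
    src: str
    reasons: list[str] = field(default_factory=list)
    replay: list[Event] = field(default_factory=list)  # full trail of the source


def classify(ev: Event) -> Optional[str]:
    """Return why an event is hostile, or None. No signature is consulted:
    the event is hostile purely because of what it touched."""
    if ev.dst in DECOY_HOSTS:
        return f"contact with decoy {DECOY_HOSTS[ev.dst]} on port {ev.dport}"
    if ev.user in BREADCRUMB_USERS:
        return f"breadcrumb credential {ev.user!r} used against {ev.dst}"
    return None


def detect(events: list[Event]) -> list[Alert]:
    """One alert per attacking source, carrying every reason and the source's
    whole activity trail so an analyst can replay the lateral movement."""
    trails: dict[str, list[Event]] = {}
    alerts: dict[str, Alert] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        trails.setdefault(ev.src, []).append(ev)
        reason = classify(ev)
        if reason is not None:
            alerts.setdefault(ev.src, Alert(ev.src)).reasons.append(reason)
    for src, alert in alerts.items():
        alert.replay = list(trails[src])
    return list(alerts.values())


# Constructed sample traffic: a benign workstation and an attacker scanning a
# subnet, hitting a decoy and then replaying a harvested breadcrumb credential.
SAMPLE_EVENTS = [
    Event(1, "10.0.1.10", "10.0.5.10", 445, "alice"),              # benign SMB use
    Event(2, "10.0.1.77", "10.0.5.10", 445),                       # attacker probes prod
    Event(3, "10.0.1.77", "10.0.5.201", 445),                      # attacker hits decoy
    Event(4, "10.0.1.77", "10.0.5.10", 445, "svc_backup_legacy"),  # breadcrumb reuse
    Event(5, "10.0.1.10", "10.0.5.10", 443, "alice"),              # more benign traffic
]


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(a.src, a.reasons, [(e.ts, e.dst, e.dport) for e in a.replay])
```

The benign workstation never appears in an alert, while the scanning host produces one alert with two reasons and a three-event replay that includes its earlier probe of the production server. The practical caveat is the one the paragraph implies: the decoys and breadcrumbs must be referenced by nothing legitimate (vulnerability scanners, inventory agents, backup jobs), otherwise the "any touch is hostile" rule that makes these alerts high-fidelity no longer holds.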


BOTsink Dashboard shows the current status of ongoing attacks (Image: Attivo Networks).

As soon as an attack is detected, the system analyzes the attacker's movement, methods and actions and generates high-fidelity alerts, visual attack maps and a replay of the attack. This gives security teams the adversary intelligence they need to fully understand the attack and analyze its root cause. BOTsink delivers in-depth alerts with all the details needed to handle and respond to incidents, in a format designed for attack intelligence sharing and forensic reporting.

Highly scalable

BOTsink 7500 is the new flagship of the BOTsink family and supports up to 20,000 endpoints and up to 150 VLANs with 2,000 decoy IP addresses; it can be scaled beyond that using Attivo's ThreatDirect technology. Depending on their needs, users can configure a pure Windows, a pure Linux or a mixed environment, with both server and client VMs provided. Operators can replace all of the native operating systems with their own "golden images", which saves considerable resources and makes the decoys match the real estate they are meant to imitate.