Attivo Networks BOTsink™ System

Detects and Engages APTs and BOTs
Attivo introduces a new paradigm in security that
complements and augments your existing security
infrastructure—our technology lures, detects,
engages, and analyzes APT and BOT attacks on
your network.
[Figure: diagram with labels Cloud; Firewall, IDS/IPS; Sandbox; BOTsink; End Point Security (on device)]
APT and BOT Detection & Engagement
• VM based honeynet to attract APTs and BOTs
• Detects both scanning and targeted types of attack
• Engages with hosted services and apps
• Provides concise and actionable data
• Minimize the chances of APT or BOT outbreak
Fast / Easy Deployment
• Configure unused IPs and subnets
• Provides multiple presence in 100s of subnets
• DHCP support
• Define white list
• Define log forwarder
Captures
• User login anomalies
• Brute force login attacks
• Dropped payload
• Outbound network activity to C&C servers
• IOC and STIC ports
• Collect & export events/data through syslog integration
Simple & Scalable
• Self-monitoring and self-healing
• Pre-configured
• Hosts virtual machines/servers and services
• DNS sinkhole / Sinkhole Proxy
• Traps external communication into a Sinkhole while allowing lateral infection
Attivo’s BOTsink System is an on-premise and data center APT
and BOT security appliance/VM designed to augment your
existing security systems. The Attivo BOTsink System securely
engages APTs and BOTs as they begin scanning, targeting and
probing network clients, servers, and services and then traps
their activity. Once contained, the APTs and BOTs will not be
able to communicate. The Attivo BOTsink System captures and
catalogues all attempted communications and propagation
activity for future forensics using our Analyze, Monitor and
Record (AMR) Engine that feeds events to our patented Multi-Dimensional Correlation Engine to generate the attack sequence.
Captures All BOT and APT Activity
BOTsink Systems are deployed on any subnet that has high
value systems targeted by BOTs and APTs for IP and data theft or
systems that host BYODs. The BOTsink System identifies infected
hosts mounting attacks, reports the time, type and anatomy
of the attack to enable immediate remedial action, and
gives visibility into the life cycle of the BOT. The BOTsink System
emulates the most commonly attacked network services and
hosts hundreds of IP addresses to quickly attract and identify
BOTs.
© 2015 Attivo Networks. All rights reserved.
NETWORK PROTECTION
Minimize APT and BOT infections targeting network servers
and clients as they infiltrate the network. The Attivo BOTsink
System emulates key network services across multiple virtual
machines and IP addresses to detect APTs and BOTs before
they compromise your information.
ENGAGE APTs and BOTs BEFORE NETWORK DAMAGE
The Attivo BOTsink System engages APTs and BOTs—trapping
their activities, preventing communications, and stopping
their propagation.
ISOLATE COMMAND & CONTROL ACTIVITY
Even APTs and BOTs that are sleeper agents or time triggered
are captured within the Attivo BOTsink System. By default,
no outbound C&C activity can occur. Any attempts at
outbound C&C communication are captured for forensic
analysis.
www.attivonetworks.com
DS-2015.BOTSINKFAM-03.06
On-Premise Deployment
• Extracts actionable intelligence
• Sinkhole proxy
    • Optional, allowing APT and BOT traffic to C&C
• Centralized sinkhole
    • Acts as a centralized sinkhole for other security devices
Virtual Deployment
• VM version for cloud implementation
• Deploy before or after cloud adoption
• Identifies infected VMs
• Provides same features as BOTsink appliance
CLOUD SOLUTIONS
The Attivo BOTsink for VMware offers the same capabilities
and benefits as the on-premise appliance. Designed for
cloud server environments, it protects server farms against
BOTs brought in by your own or other residents.
| | BOTsink 2500 | BOTsink 5000 | Virtual BOTsink for VMware | BOTsink IRES for Targeted Attacks |
|---|---|---|---|---|
| Ideal for | Small to Medium Enterprise | Medium to Large Enterprise | Medium to Large Enterprises | Any Size Enterprise using BOTsink Solutions |
| Deployment Options | Up to 16 VLANs | Up to 100 VLANs | Public or Private Clouds; V2500 - up to 25 VLANs; V5000 - up to 125 VLANs | Endpoints; 100 node annual license per endpoint |
| SKU# | ABS-2500-16 | ABS-5000-100 | ABSVMW-2500; ABSVMW-5000 | ABS-IRES-100 |
| Annual Support | ABSSUP-2500 | ABSSUP-5000 | ABSSUP-2500; ABSSUP-5000 | Covered under the BOTsink Annual Support Agreement |

Annual Support includes system service and support, firmware upgrades and updates
Note: Subject to change without notice. Not all features available at first release. Some features available on the BOTsink 5000 only.
Contact Attivo Networks for final specifications.
47697 Westinghouse Dr.
Fremont, CA 94539
Phone 555.543.5432
BOTsink and Attivo Networks are registered trademarks of Attivo Networks, Inc.