Attivo Networks BOTsink™ System Detects and Engages APTs and BOTs Attivo introduces a new paradigm in security that complements and augments your existing security infrastructure—our technology lures, detects, engages, and analyzes APT and BOT attacks on your network. APT and BOT Detection & Engagement Cloud Firewall, IDS/IPS Sandbox BOTsink End Point Security (ON DEVICE) Fast / Easy Deployment • VM based honeynet to attract APTs and BOTs • Configure unused IPs and subnets • Detects both scanning and targeted types of attack • Provides multiple presence in 100s of subnets • Engages with hosted services and apps • DHCP support • Provides concise and actionable data • Define white list • Minimize the chances of APT or BOT outbreak • Define log forwarder Captures Simple & Scalable • User login anomalies • Self-monitoring and self-healing • Brute force login attacks • Pre-configured • Dropped payload • Hosts virtual machines/servers and services • Outbound network activity to C&C servers • DNS sinkhole / Sinkhole ProxyIOC and STIC ports • Traps external communication into a Sinkhole while allowing lateral infection • Collect & export events/data through syslog integration Attivo’s BOTsink System is an on-premise and data center APT and BOT security appliance/VM designed to augment your existing security systems. The Attivo BOTsink System securely engages APTs and BOTs as they begin scanning, targeting and probing network clients, servers, and services and then traps their activity. Once contained, the APTs and BOTs will not be able to communicate. The Attivo BOTsink System captures and catalogues all attempted communications and propagation activity for future forensics using our Analyze, Monitor and Record (AMR) Engine that feeds events to our patented MultiDimensional Correlation Engine to generate attack sequence. Captures All BOT and APT Activity BOTsink Systems are deployed on any subnet that has high value systems targeted by BOTs and APTs for IP and data theft or systems that host BYODs. The BOTsink System identifies infected hosts mounting attacks, reports the time, type and anatomy of the attack to enable immediate remedial action, and gives visibility into the life cycle of the BOT. The BOTsink System emulates the most commonly attacked network services and hosts hundreds of IP addresses to quickly attract and identify BOTs. © 2015 Attivo Networks. All rights reserved. NETWORK PROTECTION Minimize APT and BOT infections targeting network servers and clients as they infiltrate the network. The Attivo BOTsink System emulates key network services across multiple virtual machines and IP addresses to detect APT and BOTs before they compromise your information. ENGAGE APTs and BOTs BEFORE NETWORK DAMAGE The Attivo BOTsink System engages APTs and BOTs—trapping their activities, preventing communications, and stopping their propagation. ISOLATE COMMAND & CONTROL ACTIVITY Even APTs and BOTs that are sleeper agents or time triggered are captured within the Attivo BOTsink System. By default, no outbound C&C activity can occur. Any attempts at outbound C&C communication are captured for forensic analysis. www.attivonetworks.com DS-2015.BOTSINKFAM-03.06 On-Premise Deployment •Extracts actionable intelligence • Sinkhole proxy • Optional, allowing APT and BOT traffic to C&C • Centralized sinkhole • Acts as a centralized sinkhole for other security devices Virtual Deployment • VM version for cloud implementation CLOUD SOLUTIONS The Attivo BOTsink for VMware offers the same capabilities and benefits as the on-premise appliance. Designed for cloud server environments, it protects server farms against BOTs brought in by your own or other residents. • Deploy before/after to cloud adoption • Identifies infected VMs • Provides same features as BOTsink appliance BOTsink 2500 BOTsink 5000 Virtual BOTsink for VMware BOTsink IRES for Targeted Attacks Ideal for Small to Medium Enterprise Medium to Large Enterprise Medium to Large Enterprises Any Size Enterprise using BOTsink Solutions Deployment Options Up to 16 VLANs Up to 100 VLANs Public or Private Clouds V2500 - up to 25 VLANs V5000 - up to 125 VLANs Endpoints 100 node annual license per endpoint SKU# ABS-2500-16 ABS-5000-100 ABSVMW-2500 ABSVMW-5000 ABS-IRES-100 Annual Support ABSSUP-2500 ABSSUP-5000 ABSSUP-2500 ABSSUP-5000 Covered under the BOTsink Annual Support Agreement Includes system service and support, firmware upgrades and updates Note: Subject to change without notice. Not all features available at first release. Some features available on the BOTsink 5000 only. Contact Attivo Networks for final specifications. 47697 Westinghouse Dr. Fremont, CA 94539 Phone 555.543.5432 © 2015 Attivo Networks. All rights reserved. www.attivonetworks.com BOTsink and Attivo Networks are registered trademarks of Attivo Networks, Inc. DS-2015.BOTSINKFAM-03.06
© Copyright 2024