Attivo Endpoint Detection Net (EDN)! The sweetest honeypot amongst all
Rating: 7 out of 10
IncentivizedUse Cases and Deployment Scope
We are using Attivo Endpoint Detection Net (EDN) to deploy breadcrumbs/deceptive tokens at production endpoints to mimic the servers and data residing on servers. Furthermore we have used Attivo Endpoint Detection Net (EDN) to build profiles to setup decoy environment on our production servers. through Attivo Endpoint Detection Net (EDN) we have mapped deflect profile to deflect malicious communication to engagement virtual machines.
Pros
- To mimic production servers to deceive attackers
- To detect the lateral movements of adversary through machine learning algorithms
- To feed dummy data on production servers through threat strike feature
Cons
- Attivo Endpoint Detection Net (EDN) should have capability for getting forensics packages from compromised systems in my opinion.
- I believe Auto phishing email detection capability should be improved to meet industry requirements to tackle phishing attack vector
- Malware detection capabilities should be improved to work to kernel level for better visibility in my opinion.
Likelihood to Recommend
Attivo Endpoint Detection Net (EDN) is a suitable option in mid level and large companies to detect insider threats and stealthy attackers. It is highly recommended where data is highly sensitive and there are chances of attack to get access to critical revers to get saves credentials and stored files. for small and medium business this solution is not recommended where perimeter security is already configured.