Attivo Networks and Check Point Software Team Up to Improve Detection and Accelerate the Incident Response of Advanced Threats

ThreatMatrix and Check Point R80 Integration automates the identification, blocking and data exfiltration of attacks

FREMONT, CA--(Marketwired - Jan 3, 2017) - Attivo Networks®, the award-winning leader in deception for cyber security threat detection, announced today that the company has integrated its ThreatMatrix™ Deception Platform with the Check Point R80 management platform. The integration combines prevention, advanced threat detection, and incident response capabilities into a collective defense solution capable of automatically identifying and blocking infected systems to prevent exfiltration of valuable company data and other malicious activities. 

The ThreatMatrix Deception and Response Platform includes Attivo BOTsink® engagement servers and decoys, which play a critical role in deceiving and misdirecting attackers. Attivo Camouflage provides dynamic behavioral deception that makes the deception decoys indistinguishable from production assets by running real operating systems and services. The solution's self-learning capabilities ensure that deceptions remain fresh and re-spin after an attack to avoid attacker identification and fingerprinting. The ThreatStrike™ End-point Suite provides deceptive lures, credentials and ransomware bait that are designed to misdirect attackers to the BOTsink engagement server. Once an attack is detected, the attack can be safely allowed to play out to capture detailed attack information and forensics. This attack information can then be viewed in the BOTsink threat intelligence dashboard, shared with other prevention and detection systems, and will generate a high fidelity alert notifying security teams of the cyber threat. Third party automation is also available to streamline and accelerate incident response actions.

Check Point R80 is a unified security management platform that enhances the ability to integrate security protocols, consolidate policy enforcements and automate firewall capabilities to protect against cyber-attacks. The platform provides a consolidated view for threat management across physical and virtual networks by aggregating logs, events, and alerts into a common user interface. This enhances the visibility of risks and enables automation of incident responses to block exfiltration of valuable enterprise data. 

The integration of the Attivo ThreatMatrix Platform with Check Point R80 empowers customers with a high efficacy solution for detecting advanced threats, which are known for evading prevention systems as well as automated incident response actions. The Attivo solution is not reliant on known signatures or matched attack patterns and can detect all threats for all attack vectors. Attack intelligence gathered in the BOTsink engagement server raises an alert and forwards attack information to the R80 detailing the infected endpoint IP addresses, methods of lateral movement and attack signatures. Simultaneously, configured policies within Check Point R80 are enforced via API to quarantine the devices, block communications with the attackers Command and Control (CNC), and to prevent data exfiltration.

"Integration of the Attivo ThreatMatrix Deception Platform and the Check Point Management Server provides best in breed threat detection and incident response management for our joint customers," said Tushar Kothari, CEO, of Attivo Networks. "They can now benefit from Attivo real-time attack detection and Check Point Software Technologies consolidation of security functions to gain visibility and reduce their response time by automatically blocking attacks of high severity."

"Working together with Attivo Networks extends the value for enterprise customers pursuing the highest level of security," said Alon Kantor, vice president of business development, Check Point. "Dynamic and real-time deception technologies complement our multi-layered threat prevention capabilities against zero-day cyberattacks."

Attivo Networks and Check Point R80 Solution Brief (

About Attivo Networks
Attivo Networks® is the leader in dynamic deception technology for the real-time detection, analysis and forensics of cyber-attacks. The Attivo Deception Platform provides inside-the-network threat detection for user networks, data centers, clouds, and ICS-SCADA environments. Not reliant on known signatures or attack patterns, Attivo uses high-interaction deception techniques based on Attivo BOTsink® engagement servers to lure attackers into revealing themselves. Combined with the Attivo End-Point Deception Suite, advanced luring technology is deployed to detect the use of stolen credentials, ransomware, and targeted attacks. Comprehensive attack analysis and forensics provide actionable alerts to automatically block and quarantine attacks for an accelerated incident response. For more information, visit

Follow Attivo Networks: Twitter and LinkedIn.

Check Point Software Technologies and the Check Point Software Technologies logo are trademarks of Check Point Software Technologies Ltd. in the United States and jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

Contact Information:

Gary Thompson
Clarity Communications