
© 2015 Attivo Networks. All rights reserved. www.attivonetworks.com DS-2015.BOTSINKFAM-05.04

Attivo BOT and APT Detection Solution

[Figure: layered defenses shown as Cloud, Firewall, IDS/IPS, Sandbox, BOTsink, End Point Security (on device)]

Attivo offers a new paradigm in security that complements and augments your existing security infrastructure—our technology lures, detects, engages, and analyzes APT and BOT attacks on your network.

The Attivo Solution is an on-premises and data center APT and BOT security appliance/VM designed to augment your existing security systems. The Attivo Solution securely engages APTs and BOTs as they begin scanning, targeting and probing network clients, servers, and services, and then traps their activity. Once contained, the APTs and BOTs are unable to communicate. The Attivo Solution captures and catalogues all attempted communications and propagation activity for later forensics. The Attivo Solution uses our Analyze, Monitor and Record (AMR) Engine, which feeds events to our patented Multi-Dimensional Correlation Engine to generate the attack sequence.

Captures All BOT and APT Activity

Attivo Solutions are deployed on any subnet that has high-value systems targeted by BOTs and APTs for IP and data theft, or systems that host BYODs. The Attivo Solution identifies infected hosts mounting attacks, reports the time, type and anatomy of the attack to enable immediate remedial action, and gives visibility into the lifecycle of the BOT. The Attivo Solution emulates the most commonly attacked network services and hosts hundreds of IP addresses to quickly attract and identify BOTs.

APT and BOT Detection & Engagement
• VM-based honeynet to attract APTs and BOTs
• Detects both scanning and targeted types of attack
• Engages with hosted services and apps
• Provides concise and actionable data
• Minimizes the chances of an APT or BOT outbreak

Captures
• User login anomalies
• Brute force login attacks
• Dropped payloads
• Outbound network activity to C&C servers
• Traps external communication in a sinkhole

Fast / Easy Deployment
• Configure unused IPs and subnets
• Provides multiple presences in 100s of subnets
• DHCP support
• Define whitelist
• Define log forwarder

Simple & Scalable
• Self-monitoring and self-healing
• Pre-configured
• Hosts virtual machines/servers and services
• DNS sinkhole / Sinkhole Proxy, IOC and STIC ports
• Collect & export events/data through syslog integration

NETWORK PROTECTION Minimize APT and BOT infections targeting network servers and clients as they infiltrate the network. The Attivo Solution emulates key network services across multiple virtual machines and IP addresses to detect APTs and BOTs before they compromise your information.

ENGAGE APTs and BOTs BEFORE NETWORK DAMAGE The Attivo Solution engages APTs and BOTs, trapping their activities, preventing communications, and stopping their propagation.

ISOLATE COMMAND & CONTROL ACTIVITY Even APTs and BOTs that are sleeper agents or time-triggered are captured within the Attivo Solution. By default, no outbound C&C activity can occur. Any attempt at outbound C&C communication is captured for forensic analysis.
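The datasheet describes the pipeline abstractly: decoy events (scans, login anomalies, brute force attempts, dropped payloads, sinkholed outbound C&C connections) are fed to a correlation engine that produces an attack sequence, which is then exported through a syslog forwarder. The following is an added, illustrative example written for this page, not Attivo's AMR or correlation engine code. The key=value event line format, the field names (decoy, src, type, dst, action), the brute force threshold of five failed logins, and the sample event lines are all constructed for the example; a real deployment would read the appliance's own log feed.

```python
"""Toy event correlator for a deception sensor: folds individual decoy alerts
(scans, failed logins, dropped payloads, sinkholed outbound connections) into a
per-attacker attack sequence and renders it as one syslog-style summary line.
Illustrative code written for this page, not Attivo Networks' engine."""
import re
from dataclasses import dataclass, field

# Constructed sample feed. The "TIMESTAMP key=value ..." line format and the
# field names are assumptions made for this example, not the product's format.
SAMPLE_EVENTS = """\
2015-05-04T10:00:01Z decoy=10.20.5.40 src=10.20.5.77 type=scan ports=22,445,3389
2015-05-04T10:00:02Z decoy=10.20.5.41 src=10.20.5.77 type=scan ports=22,445,3389
2015-05-04T10:00:09Z decoy=10.20.5.40 src=10.20.5.77 type=login_fail proto=ssh user=admin
2015-05-04T10:00:10Z decoy=10.20.5.40 src=10.20.5.77 type=login_fail proto=ssh user=admin
2015-05-04T10:00:11Z decoy=10.20.5.40 src=10.20.5.77 type=login_fail proto=ssh user=root
2015-05-04T10:00:12Z decoy=10.20.5.40 src=10.20.5.77 type=login_fail proto=ssh user=root
2015-05-04T10:00:13Z decoy=10.20.5.40 src=10.20.5.77 type=login_fail proto=ssh user=root
2015-05-04T10:00:14Z decoy=10.20.5.40 src=10.20.5.77 type=login_ok proto=ssh user=root
2015-05-04T10:00:20Z decoy=10.20.5.40 src=10.20.5.77 type=payload name=svchost.exe bytes=20480
2015-05-04T10:00:25Z decoy=10.20.5.40 src=10.20.5.77 type=outbound dst=198.51.100.23:443 action=sinkholed
2015-05-04T10:05:00Z decoy=10.20.5.42 src=10.20.5.91 type=login_fail proto=smb user=guest
"""

# Assumed policy for this example: this many failed logins from one source
# escalates a "login anomaly" to "brute force".
BRUTE_FORCE_THRESHOLD = 5

_KV = re.compile(r"(\w+)=(\S+)")


def parse_event(line: str) -> dict:
    """Split 'TIMESTAMP k=v k=v ...' into a dict; the first token is the timestamp."""
    ts, _, rest = line.strip().partition(" ")
    ev = {"ts": ts}
    ev.update(_KV.findall(rest))
    return ev


@dataclass
class AttackSequence:
    src: str
    first_seen: str
    last_seen: str
    decoys: set = field(default_factory=set)       # decoy hosts this source touched
    login_failures: int = 0
    stages: list = field(default_factory=list)     # ordered, de-duplicated stage names
    sinkholed: list = field(default_factory=list)  # C&C destinations that never left the network

    def add_stage(self, name: str) -> None:
        if name not in self.stages:
            self.stages.append(name)


def correlate(lines) -> dict:
    """Group events by attacking source and derive the stage sequence for each."""
    seqs = {}
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        src = ev["src"]
        seq = seqs.setdefault(src, AttackSequence(src, ev["ts"], ev["ts"]))
        seq.last_seen = ev["ts"]
        seq.decoys.add(ev["decoy"])
        kind = ev["type"]
        if kind == "scan":
            seq.add_stage("scan")
        elif kind == "login_fail":
            seq.login_failures += 1
            # Nothing legitimate should log in to a decoy, so one failure is
            # already an anomaly; repeated failures are escalated to brute force.
            seq.add_stage("login_anomaly")
            if seq.login_failures >= BRUTE_FORCE_THRESHOLD:
                seq.add_stage("brute_force")
        elif kind == "login_ok":
            seq.add_stage("credential_use")
        elif kind == "payload":
            seq.add_stage("payload_dropped")
        elif kind == "outbound":
            # The sinkhole answered instead of the real C&C host; record where
            # the implant tried to go, which is the IOC worth forwarding.
            seq.sinkholed.append(ev["dst"])
            seq.add_stage("c2_attempt")
    return seqs


def summary_line(seq: AttackSequence) -> str:
    """One syslog-friendly line per attacker, suitable for a log forwarder."""
    return (f"ATTACK src={seq.src} first={seq.first_seen} last={seq.last_seen} "
            f"decoys={len(seq.decoys)} stages={'>'.join(seq.stages)} "
            f"sinkholed={','.join(seq.sinkholed) or '-'}")


if __name__ == "__main__":
    for seq in correlate(SAMPLE_EVENTS.splitlines()).values():
        print(summary_line(seq))
```

Run as a script, it prints one line per attacking host: 10.20.5.77 is reported with the full sequence scan > login_anomaly > brute_force > credential_use > payload_dropped > c2_attempt across two decoys and the sinkholed destination 198.51.100.23:443, while 10.20.5.91 is reported only as a login anomaly. Keying on the source address rather than on individual alerts is what turns hundreds of decoy events into the "time, type and anatomy" of one attack; in practice you would also bound the correlation by a time window so that two unrelated incidents from a reused DHCP address are not merged.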


47697 Westinghouse Dr., Fremont, CA 94539, Phone 555.543.5432

Models and Ordering

BOTsink 2500
• Ideal for: Small to Medium Enterprise
• Deployment Options: Up to 16 VLANs
• SKU#: ABS-2500-16
• Annual Support: ABSSUP-2500

BOTsink 5000
• Ideal for: Medium to Large Enterprise
• Deployment Options: Up to 100 VLANs
• SKU#: ABS-5000-100
• Annual Support: ABSSUP-5000

Virtual BOTsink for VMware
• Ideal for: Medium to Large Enterprises
• Deployment Options: Public or Private Clouds; V2500 up to 25 VLANs, V5000 up to 125 VLANs
• SKU#: ABSVMW-2500, ABSVMW-5000
• Annual Support: ABSSUP-2500, ABSSUP-5000

BOTsink IRES™ for Targeted Attacks
• Ideal for: Any Size Enterprise using BOTsink Solutions
• Deployment Options: Endpoints
• SKU#: ABS-IRES-100

Annual support is a yearly renewable license and includes system service and support, firmware upgrades, and updates.

Note: Subject to change without notice. Not all features are available for first release. Some features are available on the BOTsink 5000 only. Contact Attivo Networks for final specifications.

Simple Appliance Deployment
• Plugs into LAN
• Supports multiple subnets
• Does not require any redirection of traffic
• Syslog Integration

Simple Virtualized Deployment
• VMware support
• Deploy prior to or after cloud adoption
• Same benefits as the Attivo BOTsink® appliance
• Syslog Integration

BOTsink and Attivo Networks are registered trademarks of Attivo Networks, Inc.