The idea is to set up a replica of your network that is so convincing that a malicious actor will enter the faux system and engage with it. When that happens, Attivo can track activities and learn methods and tactics. Once an asset is “touched” an alert goes off, and systems administrators are informed.
Over the years this approach has been called a “honeypot.”
Not exactly a new concept for the military. Trapping moves have been around since the Battle of Cannae.
Early honeypots were time-consuming and expensive to assemble. The breakthrough from Attivo is their approach gives you speed, flexibility, and scaling. Early honeypots were painstaking to construct and required hours and hours of a technician’s time. As a result, they were difficult to deploy and scale.