Attivo Networks raises $21 million Series C funding on strength of ‘deception’ cybersecurity

“Deception puts attackers on the defensive making them work harder and increasing their costs."

The cybersecurity firm Attivo Networks raised a $21 million Series C round of funding led by Trident Capital Cybersecurity and with participation from Omidyar Technology Ventures and Bain Capital Ventures, the firm announced Wednesday.

Attivo sells “deception” cybersecurity technology designed to lure attackers into revealing their presence on targeted networks. The technique, akin to a hall of mirrors, places fake machines and production assets within an enterprise’s actual network. They run real operating systems and contain credentials, ransomware bait and other lures in order to tempt the attacker to act. Anything from ATMs, medical devices, point-of-sale systems and servers can be imitated and monitored.

The funding comes quick on the heels of a $15 million Series B round in May and $45.7 million in overall investment. Attivo was founded in 2011 in Fremont, California.

It’s one of many companies embracing the philosophy that preventing breaches is virtually impossible, so detecting attackers quickly and effectively should be a high priority.


“Achieving 100 percent security is not realistic,” Tushar Kothari, CEO of Attivo Networks, said in a statement. “Organizations must know immediately when their perimeter security controls fail and be able to respond quickly. Attivo Networks deception-based detection efficiently closes this detection deficit.”

The deception model is sucking up cash as of late. Illusive Networks took in over $30 million this year, Shape Security raised $40 million in 2016, TrapX raised $19 million and CounterCraft took in €2 million in investment.

“Deception puts attackers on the defensive making them work harder and increasing their costs,” said Alberto Yépez, a new board member at Attivo and a managing director of Trident Capital Cybersecurity. “High accuracy addresses the issue of too many alarms being reported by existing solutions and incident response is improved with the capture of specific techniques and tools being used by the attacker.”

Latest Podcasts