Attivo Networks Deflect Solution for an Active Defense

Endpoint Detection Net (EDN) Suite: Deflect

Detect and redirect attempts to fingerprint endpoints and move laterally.

Why Use Deflect For Lateral Movement Mitigation?

Detect discovery attempts and derail lateral movement

Discovering attackers early in the attack cycle is a critical capability for organizations of all sizes. The Attivo Networks Endpoint Detection Net (EDN) Deflect function alerts on reconnaissance as attackers scan systems for ports and services to exploit, and it redirects both inbound and outbound connection attempts to decoys for engagement. The EDN Deflect function makes every endpoint a part of the deception fabric, obfuscating what endpoints look like from the network to disrupt attackers attempting to move laterally. It also enables native isolation of infected systems, limiting their communications to the decoy environment and thereby limiting the damage they can do by quarantining them away from production systems.

“ATTIVO IS THE ONLY TOOL THAT IDENTIFIED ACTIVITY IN OUR RECENT RED TEAM EXERCISE.”

—INFORMATION SECURITY DIRECTOR, REAL ESTATE INVESTMENT FIRM


Deflect Module Capabilities

— Obfuscate: Prevent accurate fingerprinting

— Detect: Early detection of port and service scans

— Redirect: Forward scanning and connection traffic to decoys

— Isolate: Limit attack traffic to decoys

DEFLECT LATERAL MOVEMENT

Malicious East/West traffic detection and redirection


USE CASES

— Detect and obfuscate system fingerprinting attempts to limit the intelligence attackers can collect for their attacks

— Detect and redirect port scans during the reconnaissance phase to decoys for engagement

— Limit communications from infected systems to the decoy environment
