Identify and Misdirect Reconnaissance Activity

Detect attacker discovery activity early and redirect it to decoys for engagement. Reduces dwell time with accurate lateral movement detection and high-fidelity alerts.

How Attivo Stops Reconnaissance Attacks

Attackers who successfully compromise an internal system look to move laterally and find other hosts to target. They discover systems on the network and identify services that they can attack by scanning or probing for responsive IP addresses and open ports.

The ThreatDefend platform’s network decoys identify host and port scans as soon as attackers attempt them. The platform also makes every endpoint part of the detection fabric by alerting on connection attempts that touch closed ports and redirecting them to open ports and services on decoys for engagement. These alerts happen early in the attack cycle, giving security teams the opportunity to respond to lateral movement activity before the attackers can infiltrate further.

Detect and Redirect Attacker Reconnaissance

Early detection and misdirection of attackers attempting reconnaissance to discover assets to compromise. Stops east-west lateral movement of threats.

Benefits

Early Attack Detection

  • Get alerted on host and port scans when attackers attempt them.

Attack Redirection

  • Deflect connections that touch closed ports to open ports on decoys for engagement.

Misinform Discovery Activity

  • Deny accurate host fingerprinting and show disinformation during discovery attempts.

Expand Detection Net

  • Make every endpoint a part of the detection fabric to identify reconnaissance and lateral movement activity.

How Attivo Detects and Deflects Reconnaissance

Detect attacker attempts to move laterally using reconnaissance and discovery techniques.

Port/Service Scans

The Endpoint Detection Net Solution (Deflect Feature) Provides:

  • Endpoint-based port and service reconnaissance visibility and alerting
  • Inbound or outbound attack-related connection redirection
  • Host fingerprinting prevention
  • Native host quarantine

Network Reconnaissance

Decoy Deception Technology

Attivo Networks BOTsink Provides:

  • Network-based host reconnaissance visibility and alerting
  • East-west lateral movement detection
  • Full OS engagement VMs accept redirected connection attempts
