Identify and Misdirect Reconnaissance Activity
Detect attacker discovery activity early and redirect it to decoys for engagement. Reduces dwell time with accurate lateral movement detection and high-fidelity alerts.
How Attivo Stops Reconnaissance Attacks
Attackers who successfully compromise an internal system look to move laterally for other hosts to target. They look for systems on the network and identify services that they can attack by scanning or probing for responsive IP addresses and open ports.
The ThreatDefend platform’s network decoys identify host and port scans as soon as attackers attempt them. The platform also makes every endpoint part of the detection fabric by alerting and redirecting connection attempts that interact with closed port to open ports and services on decoy for engagement. These alerts happen early in the attack cycle, giving security teams the opportunity to respond to lateral movement activity before the attackers can infiltrate further.
Detect and Redirect Attacker Reconnaissance
Early detection and misdirection of attackers attempting reconnaissance to discover assets to compromise. Stops east-west lateral movement of threats.
- Get alerted on host and port scans when attackers attempt them.
- Deflect connections that touch closed ports to open ports on decoys for engagement
- Deny accurate host fingerprinting and show disinformation during discovery attempts.
- Make every endpoint a part of the detection fabric to identify reconnaissance and lateral movement activity.
How Attivo Detects and Deflects Reconnaissance
Detect attacker attempts to move laterally using reconnaissance and discovery techniques.
The Endpoint Detection Net Solution (Deflect Feature) Provides:
- Endpoint-based port and service reconnaissance visibility and alerting
- Inbound or outbound attack-related connection redirection
- Host fingerprinting prevention
- Native host quarantine
Attivo Networks BOTsink Provides:
- Network-based host reconnaissance visibility and alerting
- East-west lateral movement detection
- Full OS engagement VMs accept redirected connection attempts