Identify and Misdirect Reconnaissance Activity

Detect attacker discovery activity early and redirect it to decoys for engagement. Reduces dwell time with accurate lateral movement detection and high-fidelity alerts.

Protect Your Active Directory. Get Your Free Trial Now.

How Attivo Stops Reconnaissance Attacks

Attackers who successfully compromise an internal system look to move laterally for other hosts to target. They look for systems on the network and identify services that they can attack by scanning or probing for responsive IP addresses and open ports.

The ThreatDefend platform’s network decoys identify host and port scans as soon as attackers attempt them. The platform also makes every endpoint part of the detection fabric by alerting and redirecting connection attempts that interact with closed port to open ports and services on decoy for engagement. These alerts happen early in the attack cycle, giving security teams the opportunity to respond to lateral movement activity before the attackers can infiltrate further.

Awards for Credential Attack Protection and Detection

SC 2020 Awards

CDM-INFOSEC-WINNER-2020

Info Security Products Guide 2020 Gold

cybersecurity excellence award

Astors award platinum 2019

Detect and Redirect Attacker Reconnaissance

Early detection and misdirection of attackers attempting reconnaissance to discover assets to compromise. Stops east-west lateral movement of threats.

Benefits

High Fidelity Detection

Early Attack Detection

Get alerted on host and port scans when attackers attempt them.

Interception & Redirection

Attack Redirection

Deflect connections that touch closed ports to open ports on decoys for engagement

Innetwork_detection

Misinform Discovery Activity

Deny accurate host fingerprinting and show disinformation during discovery attempts.

Scalability Benefits

Expand Detection Net

Make every endpoint a part of the detection fabric to identify reconnaissance and lateral movement activity.

How Attivo Detects and Deflects Reconnaissance

Detect attacker attempts to move laterally using reconnaissance and discovery techniques.

How Attivo Detects and Deflects Reconnaissance

Port/Service Scans

The Endpoint Detection Net Solution (Deflect Feature) Provides:

Endpoint-based port and service reconnaissance visibility and alerting
Inbound or outbound attack-related connection redirection
Host fingerprinting prevention
Native host quarantine

The Endpoint Detection Net™ Solution (Deflect Feature) Offers:

Network Reconaissance

Decoy Deception Technology

Attivo Networks BOTsink Provides:

Network-based host reconnaissance visibility and alerting
East-west lateral movement detection
Full OS engagement VMs accept redirected connection attempts

Perspectives

In-Security Update: ADSecure

Attivo Networks Customer and Analyst Quotes

Customer Experiences in Real World Deception Deployments

Resources

Deception Technology Use Cases to Defeat Advanced Attackers

Attivo Deception MITRE Shield Mapping

CDM Webinar: Game Changing Breach Defense by Dramatically Improving Endpoint Security

Spotlight

Calculating ROI for Attivo Deception and Concealment Technology

Ready to find out what’s lurking in your network?