Why use Deflect for lateral movement mitigation?
Detect discovery attempts and derail lateral movement
Discovering attackers early in the attack cycle is a critical capability for organizations of all sizes. The Attivo Networks Endpoint Detection Net (EDN) Deflect function alerts on attacker reconnaissance as they scan for ports and services on systems to exploit and redirects both inbound and outbound connection attempts to decoys for engagement. The EDN Deflect function makes every endpoint a part of the deception fabric, obfuscating what they look like from the network to disrupt attackers attempting to move laterally. The EDN Deflect function enables native isolation of infected systems to limit their communications to the decoy environment, thus limiting the damage they can do by quarantining them away from production systems.
Deflect Module Capabilities
Obfuscate
Prevent accurate
fingerprinting
Detect
Early detection of port
and service scans
Redirect
Forward scanning and
connection traffic to decoys
Isolate
Limit attack traffic
to decoys
DEFLECT LATERAL MOVEMENT
Malicious East/West traffic detection and redirection
USE CASES
Fingerprinting detection
- — Detect and obfuscate system fingerprinting attempts to limit the intelligence attackers can collect for their attacks
Port Scan detection
- — Detect and redirect port scans during the reconnaissance phase to decoys for engagement
Deny lateral movement
- — Limit communications from infected systems to the decoy environment
“Attivo is the only tool that identified activity in our recent Red Team exercise.”
SPOTLIGHT
DEFLECT ATTACKS WITH THE ENDPOINT DETECTION NET SUITE