Awards

Cyber Security Awards
Info Security Products Guide 2020 Bronze

Why use Deflect for lateral movement mitigation?

Detect discovery attempts and derail lateral movement

Discovering attackers early in the attack cycle is a critical capability for organizations of all sizes. The Attivo Networks Endpoint Detection Net (EDN) Deflect function alerts on attackers' reconnaissance as they scan systems for ports and services to exploit, and redirects both inbound and outbound connection attempts to decoys for engagement. The EDN Deflect function makes every endpoint a part of the deception fabric, obfuscating how endpoints appear from the network to disrupt attackers attempting to move laterally. The EDN Deflect function also enables native isolation of infected systems, restricting their communications to the decoy environment and quarantining them away from production systems to limit the damage they can do.

Deflect Module Capabilities

  • Obfuscate: Prevent accurate fingerprinting

  • Detect (network recon detection): Early detection of port and service scans

  • Redirect (proactively redirect and deflect attacks): Forward scanning and connection traffic to decoys

  • Isolate: Limit attack traffic to decoys

DEFLECT LATERAL MOVEMENT

Malicious East/West traffic detection and redirection

USE CASES

  • Fingerprinting detection

    • Detect and obfuscate system fingerprinting attempts to limit the intelligence attackers can collect for their attacks

  • Port Scan detection

    • Detect and redirect port scans during the reconnaissance phase to decoys for engagement

  • Deny lateral movement

    • Limit communications from infected systems to the decoy environment

“Attivo is the only tool that identified activity in our recent Red Team exercise.”

Information Security Director, Real Estate Investment Firm