SC 2020 Awards
Astors award platinum 2019

Why Customers choose EDN to strengthen their endpoint security posture

Enhance defensive strategies to quickly detect and deny lateral movement

Protecting endpoints and preventing the spread of infected systems is a critical concern for organizations of all sizes. The Attivo Endpoint Detection Net (EDN) product complements existing endpoint security solutions by detecting an attacker early in the attack cycle and preventing them from establishing a foothold. The EDN product tackles endpoint security challenges head-on by making every endpoint a decoy, designed to disrupt an attacker’s ability to break out and further infiltrate the network. It does this without requiring agents on the endpoint or causing disruption to regular network operations.

Comprehensive Endpoint Attack Vector Coverage

Detect even the mere act of observation

Detect even the mere act of observation

Endpoint Detection Net Portfolio

The Endpoint Detection Net solution is designed to anticipate methods an attacker will use to break out from an infected endpoint and ambush their every move. This unique approach to detection specifically focuses on reducing the time an attacker can remain undetected and the amount of effort required for an organization to restore environments to normal operations.


Detect attackers attempting steal
credentials and move laterally


Alert on unauthorized AD queries and return
false information to attackers


Identify exposed credentials and remove
at risk attack paths

Key Benefits

The Attivo Endpoint Detection Net product is tackling endpoint security challenges head-on by making every endpoint a decoy designed to disrupt an attacker’s ability to break out and further infiltrate the network.

  • Early Detection of known and unknown attacks
  • Ability to disrupt attacks during observation vs. waiting for an active attack
  • Does not require agents on the endpoint or cause disruption to regular network operations
  • Scalability across a wide-variety of endpoints
  • Machine-learning for automated deployment
  • Capabilities to collect adversary intelligence and forensic data
  • Serve as a powerful protection force-multiplier for businesses using Endpoint Protection (EPP) and Endpoint Detection and Response (EDR) solutions by closing detection gaps and facilitating automated incident response
  • Improved detection proficiency during Red Team testing and security assessments

ENDPOINTS supported



  • Protection against AD data theft

    • — Prevent privilege escalation.

  • Local credential theft detection

    • — Deceptive credential lures breadcrumb attacks into a decoy environment.

  • Ransomware derailment

    • — Thwart attacks attempting mapped share traversal with decoy file shares and systems. Safely entertain attackers to provide more time for response.

  • Detect on network reconnaissance

    • — Obfuscate real assets with decoys in order to disrupt attacker attempts to discover other systems to target.

  • Reveal attempts to steal credentials in transit

    • — Quickly detect Man-in-the-Middle activity with decoys on every network segment.

  • Stop lateral movement before it starts

    • — Gain ongoing visibility to domain admin and other credentials that are exposed or where they don’t belong. Remediate lateral attack paths before attackers can use them.

Upon completion of a proof of concept…

“Look at all this visibility and coverage we achieved in just a few hours!  And, I didn’t have to deploy anything to the endpoint.”

Sr Security Engineer, Top 5 Global Consulting Firm