Attackers who successfully compromise an internal system look to move laterally for other hosts to target. They look for systems on the network and identify services that they can attack by scanning or probing for responsive IP addresses and open ports.
The ThreatDefend platform’s network decoys identify host and port scans as soon as attackers attempt them. The platform also makes every endpoint part of the detection fabric by alerting and redirecting connection attempts that interact with closed port to open ports and services on decoy for engagement. These alerts happen early in the attack cycle, giving security teams the opportunity to respond to lateral movement activity before the attackers can infiltrate further.