Protect Your Active Directory. Get Your Free Trial Now.

How Attivo Stops Reconnaissance Attacks

Attackers who successfully compromise an internal system look to move laterally for other hosts to target. They look for systems on the network and identify services that they can attack by scanning or probing for responsive IP addresses and open ports.

The ThreatDefend platform’s network decoys identify host and port scans as soon as attackers attempt them. The platform also makes every endpoint part of the detection fabric by alerting and redirecting connection attempts that interact with closed port to open ports and services on decoy for engagement. These alerts happen early in the attack cycle, giving security teams the opportunity to respond to lateral movement activity before the attackers can infiltrate further.

Awards for Credential Attack Protection and Detection

SC 2020 Awards
Info Security Products Guide 2020 Gold
Astors award platinum 2019

Detect and Redirect Attacker Reconnaissance

Early detection and misdirection of attackers attempting reconnaissance to discover assets to compromise. Stops east-west lateral movement of threats.


High Fidelity Detection

Early Attack Detection

  • Get alerted on host and port scans when attackers attempt them.
Interception & Redirection

Attack Redirection

  • Deflect connections that touch closed ports to open ports on decoys for engagement

Misinform Discovery Activity

  • Deny accurate host fingerprinting and show disinformation during discovery attempts.
Scalability Benefits

Expand Detection Net

  • Make every endpoint a part of the detection fabric to identify reconnaissance and lateral movement activity.

How Attivo Detects and Deflects Reconnaissance

Detect attacker attempts to move laterally using reconnaissance and discovery techniques.

How Attivo Detects and Deflects Reconnaissance

Port/Service Scans

The Endpoint Detection Net Solution (Deflect Feature) Provides:


  • Endpoint-based port and service reconnaissance visibility and alerting

  • Inbound or outbound attack-related connection redirection

  • Host fingerprinting prevention

  • Native host quarantine

The Endpoint Detection Net™ Solution (Deflect Feature) Offers:

Network Reconaissance

Decoy Deception Technology

Attivo Networks BOTsink Provides:


  • Network-based host reconnaissance visibility and alerting

  • East-west lateral movement detection

  • Full OS engagement VMs accept redirected connection attempts