Ridgeback plays offense by actively shifting the burden of the exploit back onto the attacker, so you control the outcome.

Ridgeback assumes the perimeter has been breached. Ridgeback ensures the initial breach won’t lead to any further harm by denying the adversary information, arresting the adversary’s lateral movement, and counter-engaging threats to extinguish them from your network – automatically and in real time.

Ridgeback’s “man in the middle defense” injects, modifies, and drops ethernet frames, as needed, to influence adversary behavior. Dynamically changing in real time what an adversary observes allows Ridgeback to influence the adversary’s behavior.

Ridgeback does not use data science, apply rules or require databases of known threats, so it produces no false positives, and it is easy to install, deploy and manage. In fact, there is no burden on the live network or on your compute resources.

See attacks as and when they happen.
Threats are immediately removed from the network.

Ridgeback Intermingles real endpoints with BILLIONS of phantom endpoints

Any interaction with any phantom resource triggers counter-engagement
Enterprise network, and normal traffic is entirely unencumbered. Attacker is instantly isolated from the network.

Ridgeback re-writes packets on Level 2 traffic to simulate resources and counter-engage
Traffic intercepted, modified on the network layer. No actual resources needed/created.

Hacker Experience.
Attacker experiences and impossible challenge and is eliminated from the network.


Ridgeback is designed to work in autonomous mode and be managed using our interface, or easily integrated with other tools.


It should take about an hour to have Ridgeback up and running. There’s also nothing to change on the live network, and no agents to install on endpoints. Ridgeback can operate on a physical network or on a virtual network. The only requirement is that Ridgeback has access to layer 2 network traffic.


Ridgeback software is installed on one server or Virtual Machine connected to the network switch. Every asset or resource within that network segment falls instantly into the protective envelope of Ridgeback phantoms.


You can be confident you’ll have Ridgeback up and running in short order. A trial can establish Ridgeback acts the way you expect in hours or days.


Ridgeback is designed to be managed using our interface, or easily integrated with other tools, like SIEMs.
Built in integration points:
RESTful Interface | Log File | Syslog | SQLite Database | Watchdog Process | Dashboard Widgets | Processor Plugins | Script Library


Ridgeback can be configured to provide any kind of alerts or countermeasures that fit your security strategy and and security policies. It can operate in complete manual mode giving the security team clear alerts on breaches or work in 100% autonomous mode, deploying countermeasure, including host isolation, in real-time.

Visibility into network behavior to pinpoint issues, threats and network misconfigurations.
Security simplified to Break/fix
Threats can’t expand their control of your resources
Your team is freed up to spend time on worthwhile activities, not chasing false positives



Auxilary Configuration of Ridgeback

Ridgeback Hunter is a standalone software product that can protect an entire subnet using an auxiliary deployment. The auxiliary deployment is the simplest type, requiring little to no configuration of Ridgeback and no configuration for the network being protected.

Inline configuration of Ridgeback

Ridgeback Hunter also can be deployed inline to provided additional point defense for a high-value resource.

Virtualised or Private Cloud Configuration of Ridgeback

Ridgeback Hunter can operate on a physical network or on a virtual network. The only requirement is that the Ridgeback installation have access to the layer 2 network traffic.


Stops inside/lateral security threats

Reduces Expense (High RoI)

Immediate Time-to-Value

Complements or replaces many solutions

Return of control and confidence


Up and running in 10 minutes

Immediate situational awareness

Easy to manage – network, not endpoints

Threats immediately removed

Integration with SIEM or other tools

“With one instance of Ridgeback, you can automatically deploy hundreds of millions of mousetraps throughout your network. With two Ridgebacks you can deploy billions of mousetraps. All of those phantom servers consume no extra resources and you do not have to manage them at all. Ridgeback does all the work for you.”

To learn more about Ridgeback deployment options, scaling across the enterprise, management and integration with existing security infrastructure (e.g. SIEMs), please contact us or download the Ridgeback Technical White Paper.

Extinguish Lateral Movement as it happens, automatically!