Ridgeback operates on Layers 2, 3 and 4, delivering…

Visibility

  • Comprehensive, real-time visualization of the network
  • Visibility into Assets and all network communication
  • Continuous attack surface scanning and risk assessment
  • Continuous, real-time, 24×7 monitoring

A Hostile Network

  • Network hostile at every stage of the exploit.
  • Poison data. Deny the Adversary any useful knowledge.
  • Automated countermeasures.
  • Compromised host isolation.

Policy Enforcement & Adaptation

  • Fine-grained security policies.
  • Software-only approach.
  • Automated countermeasures.
  • Reporting integration / compliance.

How Does Ridgeback Solve the Problem of Malicious Lateral Movement?

We solve this problem by taking a proactive approach to network intrusions, getting in front and ahead of them rather than responding to them after the incident. We take the position that an infiltration will occur at some point, if it hasn’t already, and deploy several techniques including a vast army of Ridgeback virtual antibodies across your network to patiently lie in wait for intruders.

Every enterprise needs to deploy tools that convey deep knowledge of the enterprise network, its communications, and the attack surface. Those tools should use techniques like deception, meaconing and spreading breadcrumbs across the enterprise to poison the network when attackers are fishing for data; define and enforce fine-grained access and communication policies that prohibit unauthorized, undesired patterns on the attack surface; and monitor the effects of these techniques on the organization’s security posture on a 24×7 basis, to continuously learn about new threats and patterns of attack and to adapt in real time!

Instead of passively waiting for an attack, Ridgeback is software that uses the techniques of deception to actively influence the behavior of attackers, luring them into deceptions and traps that instantly reveal an attacker’s true intent. This approach shifts the costs from the defender to the attacker.

Once Ridgeback is installed on your network, our goal is to slow down, interrupt, and prevent malicious lateral movement. We inhibit the compromise of one endpoint from leading to the compromise of multiple endpoints. In cybersecurity, enterprises deal with a rapidly evolving threat landscape. As an example, for a network comprising 1,000 endpoints, there are approximately 713,309,000 local lateral movement attack vectors. Delayed action is harmful, and inaction is catastrophic in most cases. Therefore, an enterprise cybersecurity program must be able to adapt to be successful. Effective and timely decisions must be made to address these ever-changing cyber threats.

We believe that the only way to create an adaptive security program is to start with insight into what is going on in the network, i.e. getting deep visibility into network operations. The reality is, you can’t protect what you can’t see. Once you have the visibility to understand the attack surface, vulnerabilities and potential attack patterns, the enterprise needs to deploy strategies that make the network extremely hostile for the bad guys: poisoning the network, using aggressive deception techniques, and applying fine-grained access and communication policies and countermeasures. It then needs to continuously monitor the network and respond to policy violations and malicious lateral movement automatically and in real time.

The enterprise then needs to adapt to the findings discovered in this first operations cycle, implementing and executing more advanced and informed poisoning schemes and creating more policies to tighten security, and keep going through this cycle (wash, rinse, repeat!) to stay on top of ever-changing security threats.

VISIBILITY | NO FALSE POSITIVES | ONE INTERFACE

With Ridgeback

You will know how your network is configured and operating, all the time. You will deny the adversary that knowledge.

You will be certain that unauthorized and undesirable behavior between live endpoints is identified and extinguished.

Your network becomes dramatically hostile to an intruder. Irrespective of threat type, known or unknown, your security is adaptive.

Your security response will be automated. Your security will be easier and lower cost.

ENTERPRISE

Stops inside/lateral security threats

Reduces Expense – both product and personnel (High ROI)

Immediate Time-to-Value

Complements or replaces many solutions

Real time remediation

Defeat data theft

IT TEAM

Up and running in 15 minutes

Immediate situational awareness

Easy to manage – network, not endpoints

Autonomous operation

Automatic host isolation – threats automatically removed

Integration with SIEM or other tools

See attacks as and when they happen.
Threats are instantly and automatically removed from the network.

Ridgeback communicates to the adversary the availability of BILLIONS of connection opportunities to phantom endpoints.

Any interaction with any phantom resource triggers counter-engagement.
The enterprise network and normal traffic are entirely unencumbered. The attacker is instantly isolated from the network.

Ridgeback re-writes packets on Layer 2 traffic to simulate resources and counter-engage intercepted traffic.
No actual resources are needed or created.

Hacker Experience
The attacker experiences an impossible challenge and is eliminated from the network.

THE EXPERIENCE OF ‘OPERATING’ RIDGEBACK

Ridgeback is designed to work autonomously and to be managed using its graphical user interface, or to integrate easily with other tools.

INSTALLATION

It should take about an hour to have Ridgeback up and running. There’s also nothing to change on the live network, and no agents to install on endpoints. Ridgeback can operate on a physical network or on a virtual network. The only requirement is that Ridgeback has access to layer 2 network traffic.

DEPLOYMENT

Ridgeback software is installed on one server or Virtual Machine connected to the network switch. Every asset or resource visible to Ridgeback falls instantly into the protective envelope of Ridgeback phantoms.

EVALUATION

You’ll have Ridgeback up and running in short order. A trial can test Ridgeback in your environment in hours or days.

INTEGRATION

Ridgeback is designed to be managed using our interface, or can easily be integrated with other tools, like SIEMs.
Built-in integration points: RESTful Interface | Log File | Syslog | SQLite Database | Watchdog Process | Dashboard Widgets | Processor Plugins | Script Library

OPERATION

Ridgeback can be configured to provide any kind of alerts or countermeasures that fit your security strategy and security policies. It can operate in complete manual mode, giving the security team clear alerts on breaches, or work in 100% autonomous mode, deploying countermeasures, including host isolation, in real time.

INSTANT VALUE
Visibility into network behavior to pinpoint issues, threats and network misconfigurations
Security simplified to Break/fix
Threats can’t expand their control of your resources
Your team is freed up to spend time on worthwhile activities, not chasing false positives

RIDGEBACK DEPLOYMENT

Auxiliary Configuration of Ridgeback

Ridgeback is a standalone software product that can protect an entire subnet using a standard deployment. The standard deployment is the simplest type, requiring little to no configuration of Ridgeback and no configuration for the network being protected.

Virtualised or Private Cloud Configuration of Ridgeback

Ridgeback can operate on a physical network or on a virtual network. The only requirement is that the Ridgeback installation have access to the layer 2 network traffic.

“One instance of Ridgeback can automatically deploy hundreds of millions of phantoms throughout your network. All of those phantom assets consume no extra resources and you do not have to manage them at all. Ridgeback does all the work for you.”

To learn more about Ridgeback deployment options, scaling across the enterprise, management and integration with existing security infrastructure (e.g. SIEMs), please contact us or download the Ridgeback Technical White Paper.

Ridgeback is plug-and-play, requires no time-consuming configuration, no infrastructure burden, operates the instant it is activated, requires little or no oversight and won’t disturb or encumber your live network.