How Ridgeback works

Real-time Security – Shifts the cost of attack from
defender to adversary.

The Ridgeback security platform defeats malicious network invasion in real time. By influencing adversary behavior, Ridgeback compels the adversary to expend resources unnecessarily, and thus dramatically increases the cost of attack.

Ridgeback’s “man in the middle defense” injects, modifies, and drops ethernet frames, as needed, to influence adversary behavior. It is the ability to alter in real time what an adversary observes that allows Ridgeback to influence the adversary’s behavior.


Dynamic Interactive Deception

Dynamic Interactive
— Deception —

Ridgeback’s platform automatically deceives, disrupts and defeats malicious attacks

Operates on the Network Layer

Operates on the
— Network Layer —

Ridgeback operates on the network layer, not on its end points

An Extensible Platform

An Extensible
— Platform —

Its performance is extended as a platform for security and network management plug-ins


Diagram of the healthy network

Diagram of a network where attack is in progress

Diagram of a network where decoys are in action

Hacker Confused, Hack is cost prohibitive. So hackers eliminated, Enterprise in control

Ridgeback Benefits

Hacker Eliminated
Enterprise in Control

Ridgeback advantages - how Cyber attacks are foiled


  • Stops inside/lateral security threats
  • Reduces Expense (High RoI)
  • Immediate Time-to-Value
  • Complements or replaces many solutions
  • Return of control and confidence

IT Team

  • Up and running in 10 minutes
  • Immediate situational awareness
  • Easy to manage – network, not endpoints
  • Threats immediately removed
  • Integration with SIEM or other tools


See attacks as and when they happen.
Threats are immediately removed from the network.

Ridgeback Operation Diagram


Ridgeback Intermingles real endpoints with BILLIONS of decoy endpoints


Any interaction with any ghost resource triggers counter-engagement
Enterprise network, and normal traffic is entirely unencumbered. Attacker is instantly isolated from the network.

Ridgeback re-writes packets on Level 2 traffic to simulate resources and counter-engage
Traffic intercepted, modified on the network layer. No actual resources needed/created.

Hacker Experience.
Time to investigate network skyrockets Network scanning and probing yields unexpected, confusing responses. Connections held open / disconnected. Scanning tools not working. Proxies not working / dropping.


Auxilary Configuration of Ridgeback

Ridgeback Hunter is a standalone software product that can protect an entire subnet using an auxiliary deployment. The auxiliary deployment is the simplest type, requiring little to no configuration of Ridgeback and no configuration for the network being protected.

Inline configuration of Ridgeback

Ridgeback Hunter also can be deployed inline to provided additional point defense for a high-value resource.

Virtualised or Private Cloud Configuration of Ridgeback

Ridgeback Hunter can operate on a physical network or on a virtual network. The only requirement is that the Ridgeback installation have access to the layer 2 network traffic.


– WHY –

  • Real-time on threats from internal sources and from outside the network
  • Layers into any/all other existing security measures seamlessly – plug ’n’ play implementation
  • Automatic, no labor – no false positives and no active human management required

– HOW –

  • Ridgeback creates a virtual space of billions of decoy servers and other imaginary resources
  • When an attacker engages with decoys, they are confused, quarantined and eliminated
  • Shifts the burden from the enterprise to the attacker


Ridgeback does the work for you


Ridgeback does the work for you


Ridgeback does the work for you

Extensible with

Ridgeback does the work for you

Network Layer,
Not Endpoints

Ridgeback does the work for you

Easy Setup,
No Labor

Ridgeback does the work for you

Ridgeback can be configured to provide any kind of alert or countermeasure, as deemed appropriate by the organization’s security policies. In addition, Ridgeback’s criteria for alert can be adjusted to fit the organization’s needs for security or IT management.
Ridgeback can operate on a physical network or on a virtual network. The only requirement is that the Ridgeback installation have access to the layer 2 network traffic.
“With one instance of Ridgeback, you can automatically deploy hundreds of millions of mousetraps throughout your network. With two Ridgebacks you can deploy billions of mousetraps. All of those decoy servers consume no extra resources and you do not have to manage them at all. Ridgeback does all the work for you.”
All you have to do is type start-ridgeback.”
To learn more about Ridgeback deployment options, scaling across the enterprise, management and integration with existing security infrastructure (e.g. SIEMs), please download the Ridgeback Technical White Paper.

Protect Your Network. Win the Cyber War.

Download Ridgeback

Download Ridgeback

Download Ridgeback White Paper

Download Ridgeback White Paper

Talk to Ridgeback Security Expert

Talk to Ridgeback Security Expert