Ridgeback plays offense by actively shifting the burden of the exploit back onto the attacker, to maximize the cost of attack to the attacker, so you control the outcome.

Ridgeback assumes the perimeter has been breached. Ridgeback ensures the initial breach won’t lead to any further harm by denyingthe adversary information, arresting the adversary’s lateral movement, and counter-engaging threats to extinguish them from your network – automatically and in real time.

Ridgeback’s “Man in the Middle Defense” injects, modifies, and drops ethernet frames, as needed, to influence adversary behavior. By dynamically changing in real time what an adversary observes Ridgeback influences the adversary’s behavior.

Ridgeback does not use data science, apply rules or require databases of known threats, so it produces no false positives, and it is easy to install, deploy and manage. In fact, there is no burden on the live network or on your compute resources.

See attacks as and when they happen.
Threats are instantly and automatically removed from the network.

Ridgeback communicates to the adversary the availability of BILLIONS of connection opportunities to phantom endpoints.

Any interaction with any phantom resource triggers counter-engagement.
Enterprise network, and normal traffic is entirely unencumbered. The attacker is instantly isolated from the network.

Ridgeback re-writes packets on Layer 2 traffic to simulate resources and counter-engage intercepted traffic
No actual resources are needed or created.

Hacker Experience
The attacker experiences an impossible challenge and is eliminated from the network.


Ridgeback is designed to work autonomously and to be managed using its graphical user interface, or to integrate easily with other tools.


It should take about an hour to have Ridgeback up and running. There’s also nothing to change on the live network, and no agents to install on endpoints. Ridgeback can operate on a physical network or on a virtual network. The only requirement is that Ridgeback has access to layer 2 network traffic.


Ridgeback software is installed on one server or Virtual Machine connected to the network switch. Every asset or resource visible to Ridgeback falls instantly into the protective envelope of Ridgeback phantoms.


You’ll have Ridgeback up and running in short order. A trial can test Ridgeback in your environment in hours or days.


Ridgeback is designed to be managed using our interface, or can easily be integrated with other tools, like SIEMs.
Built in integration points: RESTful Interface | Log File | Syslog | SQLite Database | Watchdog Process | Dashboard Widgets | Processor Plugins | Script Library


Ridgeback can be configured to provide any kind of alerts or countermeasures that fit your security strategy and and security policies. It can operate in complete manual mode giving the security team clear alerts on breaches or work in 100% autonomous mode, deploying countermeasure, including host isolation, in real-time.

Visibility into network behavior to pinpoint issues, threats and network misconfigurations
Security simplified to Break/fix
Threats can’t expand their control of your resources
Your team is freed up to spend time on worthwhile activities, not chasing false positives



Auxilary Configuration of Ridgeback

Ridgeback is a standalone software product that can protect an entire subnet using a standard deployment. The standard deployment is the simplest type, requiring little to no configuration of Ridgeback and no configuration for the network being protected.

Virtualised or Private Cloud Configuration of Ridgeback

Ridgeback can operate on a physical network or on a virtual network. The only requirement is that the Ridgeback installation have access to the layer 2 network traffic.


Stops inside/lateral security threats

Reduces Expense – both product and personnel (High ROI)

Immediate Time-to-Value

Complements or replaces many solutions

Real time remediation

Defeat data theft


Up and running in 15 minutes

Immediate situational awareness

Easy to manage – network, not endpoints

Autonomous operation

Automatic host isolation – threats automatically removed

Integration with SIEM or other tools

“One instance of Ridgeback can automatically deploy hundreds of millions of phantoms throughout your network. All of those phantom assets consume no extra resources and you do not have to manage them at all. Ridgeback does all the work for you.”

To learn more about Ridgeback deployment options, scaling across the enterprise, management and integration with existing security infrastructure (e.g. SIEMs), please contact us or download Ridgeback Technical White Paper.

Extinguish Lateral Movement in Real time, automatically!