Ridgeback Network Defense

Disrupt and eliminate hackers before they succeed.

Ridgeback stops lateral movement like no other.

The Business Case

Why Ridgeback?

After an attacker has gained an initial foothold in a network, they look to broaden and cement further control over your endpoints, data and systems. This activity is known as lateral movement.

Ridgeback stops lateral movement by disrupting attackers' network discovery, and eliminates them before they can succeed.

Almost all types of cyber-attacks involve some kind of lateral movement. Yet lateral movement remains undetected by nearly all cybersecurity products.

Offense As Defense in Cybersecurity

Ridgeback creates deterrence at each reconnaissance stage as the attacker attempts to move forward with malicious intent.

Our patented technology protects your network and IT assets by implementing man-in-the-middle techniques as a defense.

Why lateral movement must be stopped

70% of exploits involve lateral movement. On average, the hackers’ dwell time is 277 days.*

After breaching your network, an attacker lies in wait, silently conducting reconnaissance to observe and map the network. Their goal is to expand their knowledge and control over your assets.
After an attack, orchestrated through methods like spear-phishing, the hacker will quietly conduct reconnaissance to observe and map the network and its endpoints to understand key network characteristics such as hostnames, operating systems and network topology. These are the prerequisites to expanding their control over your systems.

If lateral movement is not stopped, an attack such as ransomware is highly likely to succeed.

By Thomas Phillips, Inventor & CTO – Ridgeback

"Ridgeback is like using Weaponized Virtual Reality to thwart adversaries."

Something will always get compromised in your network and once it does, the attacker will now be operating from a trusted device inside the firewall. The challenge presented can be difficult to detect and address without Ridgeback.

Why is Ridgeback a unique product?

Only a single < 1 MB core per network segment (no endpoint agents).

Operates on Layer 2, beneath all other layers.

Exposes hostile behavior and configuration/hygiene problems deterministically. No false positives.

The entire solution can be deployed on a single laptop.

Observes live-to-live and live-to-dark space communications.

Layer 2 addresses IT and OT networks. Any device with a MAC address is protected.

The only cyber deterrent: disrupt and impair the adversary at the inception of the exploit.

Instant-on. No network or endpoint overhead.