Introducing Divert: Next Generation Cyber Deception

January 31, 2025

Divert is a novel cyber deception platform designed to outsmart attackers at the edge of your infrastructure long before they breach your internal assets. Divert shifts customers’ defenses from reactive to proactive and detection from right to absolute left in the kill chain. Divert’s features are informed by decades of experience in offensive security consulting. Unlike traditional honeypots, decoys, canaries, digital twins, breadcrumbs, and honeytoken solutions, Divert goes beyond simple detection, blocking threats while generating a threat intelligence signal with unbelievable detail and fidelity.

Beyond Canaries & Honeypots

Our platform creates realistic, multi-step scenarios with varying degrees of difficulty. We lure attackers into time-wasting mazes where we gather intelligence on their tactics, sophistication, and sources. We emulate a variety of vulnerabilities like configuration errors, unnecessarily exposed content, exposed credentials, and even custom web application bugs, all presented on your external DNS namespace. The goal is to detect and gather intelligence on threats during the reconnaissance phase. 

Classic tokens used as bait, like usernames/passwords, public/private keys, and unique URLs, work alongside more modern cloud-based tokens, such as AWS access keys. These tokens are passed between authentic-looking vulnerabilities that serve as milestones in our mazes. Instantly deployable public deceptions at scale, multi-tenant capacity, automatic DNS integration, and custom threat feeds consumed by your existing stack make deploying Divert a matter of minutes, not weeks or months.

Single-step canaries and honeypots leave any reasonable attacker wondering, “Ok this is dumb; what’s next?” Sure, we can implement those, and a level 1 maze does tell you a certain amount (mainly that nobody’s looking too hard at you). However, we know that real-world breaches are iterative chains of different steps. In each step some access is gained and some secrets are gleaned, which are then used in the next step in the chain: repeat. You have to get through something to get to something. Current cyber deception offerings operate naively, as if attackers compromise their targets in a single, monolithic step and then stop. Read a breach walkthrough report; they don’t work this way.

Unheard-of Threat Intelligence

While we’re drawing attackers away from your assets and towards our diversions, we're in the best possible position to gather meaningful threat intelligence, clearly distinguishing internet background noise from serious adversaries. Since each maze milestone can vary in difficulty, we can accurately estimate the skill of each threat from their success (or lack thereof) in solving mazes. We use adversary fingerprinting to correlate evasive actors as they change IP addresses.

We record threats as they interact with diversions so you can replay them later. We collect attacker artifacts like listener addresses, scripts, and binaries, as well as the names of the tooling used, techniques observed, credentials attempted, and more. We provide unparalleled threat intelligence both for the threats that target your organization and globally throughout the entire Divert ecosystem.

Hack Back

Most importantly, we offer the world's first offensive deception capabilities. Strike back at your adversaries to reveal real IP addresses, internal hostnames, nearby wireless networks, and more. Reveal unprecedented information about the most legitimate threats attacking you.

Instant Value, Set it and Forget it

We know you have enough tools, you have enough alerts, and you have enough to do. We’re not here to add to that. We feel like other deception products require a heavy lift on your part to deploy. We make deception at scale possible without any work on your part, and we integrate easily into your existing solutions to shield your real assets automatically. Being push-button easy is a fundamental company tenet. No more seeding of breadcrumbs, no need to keep track of which canary is which, no internal VMs required, no manual Docker commands to create decoy containers, no content copying or point-in-time cloning of websites, and no manual NAT/FW rules to publish deceptions on your edge.

Built Different

Divert differs a lot from current cyber deception products. In fact, we have been talking about Divert as a concept for almost 20 years. Throughout that time, we were busy growing an offensive cybersecurity consulting firm, which was eventually acquired. While doing that, we witnessed a small deception space created amongst an almost innumerable number of other security products. These all seemed neutered by their inability to “do” anything, as well as a bit naive as to how offensive campaigns work. Some combination of the following always seemed to be true: the deceptions seemed naive, the deployment difficult, and the capabilities weak.

To be fair, Divert wasn’t really possible without a lot of recent technologies and platforms. We know everyone wants to differentiate, bash the competition while emulating it, call themselves “next-gen,” and claim they have a new take. Of everyone we know, we’re the most side-eyed critics of so-often ineffective security products and their marketing efforts. It’s long been obvious to us that a bad product deployed well is usually better than a good product deployed poorly. That’s why we focused on creating an excellent product and made deployment an afterthought. Reach out and schedule a demo with us!