• Accurate Detection
• Timely Detection
• Cost-Effective Detection

• Threat Intelligence
• IT Change Management platforms
• SOAR (Security Orchestration and Response)
• SIEM
• Perimeter Defense
• NAC (Network Access Control)
• Vulnerability Managers
• SSO, Identity Management, Privileged User Management Systems
• EDR, End-point

Threat Deception Technology to Detect Threats Early, Accurately & Efficiently The ThreatDefend Deception Platform is a modular solution comprised of Attivo BOTsink® engagement servers, decoys, and deceptions, the ThreatStrikeTM endpoint deception suite, ThreatPathTM for attack path visibility, ThreatOpsTM incident response orchestration playbooks, and the Attivo Central Manager (ACM), which together create a comprehensive early detection and active defense against cyber threats.

WHY CUSTOMERS CHOOSE THREAT DECEPTION

• EARLY WARNING SYSTEM
• ACTIONABLE ALERTS
• EASY TO DEPLOY
• LOW MAINTENANCE
• STRENGTHENS DEFENSES

DETECT KNOW & UNKNOWN ATTACKS Not reliant on signatures or pattern matching, the Attivo ThreatDefend solution accurately detects in-network reconnaissance, credential theft, Man-in-the-Middle attacks, and lateral movement of threats that other security controls miss. EARLY & ACCURATE DETECTION Threat deception provides early detection of external, insider, and 3rd party attacks. Achieve real-time threat detection of reconnaissance and credential theft activities as attackers are deceived into engaging with decoys, deception lures, and bait designed to entice hackers into revealing themselves. NO ALERT FATIGUE FROM FALSE POSITIVES High-fidelity alerts are raised based upon attacker decoy engagement or deception credential reuse. Each alert is substantiated with rich threat intelligence and is actionable, removing false positive and noisy alerts that distract from the prompt incident response of real threats. NOT RESOURCE INTENSIVE Easy to deploy and operate, the Attivo solution is design to be low maintenance. Deployment is in hours and doesn’t require highly skilled employees or in-depth resources for ongoing operations. Machine learning, automated analysis, and incident response empower quick remediation. CAMOUFLAGE Realistic deception is key to deceiving attackers into engaging. Dynamic deception provides authenticity and deception campaigns for self-learning deployment and refresh.

Authenticity

• Customized using real OS and services to production assets
• Credential validation with Active Directory
• High-interaction engagement

Machine-Learning

• Self-learning of the environment generates deception campaigns
• Campaigns can be deployed on demand for environment refresh
• Allows automated refresh to spin up deception or avoid fingerprinting

Easy Operations

• Simplify deployment with automated campaign proposals
• Easy operations with automated refresh
• Choice of on demand or automated campaign deployment

FEATURES

ThreatDefend is a comprehensive, scalable detection platform designed for the early detection of external threat actors and insiders (employees, suppliers, contractors) and for accelerating incident response. IN-NETWORK THREAT DETECTION Early endpoint, network, application, and data post-compromise threat detection. ATTACK SURFACE SCALABILITY Deception for evolving attack surface: data centers, cloud, user networks, remote office, specialty networks. EASY DEPLOYMENT & OPERATIONS Flexible deployment options and machine-learning for ongoing campaign authenticity and refresh. SUBSTANTIATED ALERTS & FORENSICS Actionable alerts from attacker engagement or credential reuse. Full forensics for actionable response. ATTACK ANALYSIS Automated attack analysis and correlation improves time-to-remediation. THREAT INTELLIGENCE High interaction attacker engagement and DecoyDocs produce threat, adversary, and counterintelligence. ACCELERATED INCIDENT RESPONSE Extensive 3rd party automations accelerate incident response to block, isolate, and threat hunt. ATTACK PATH VULNERABILITY ASSESSMENT Understand attack path vulnerabilities based on exposed credentials and misconfigurations. VISIBILITY & ATTACK MAPS Topographical maps for network visualization and time-lapsed attack replay.

Cyber Deception Platform - detect targeted attacks with a real-time active response that automates counterintelligence campaigns.

We have developed a distributed Deception Platform that protects large enterprises by fooling their adversaries with decoy computers, false data and fake identities.

Our platform offers a new type of detection with trustworthy alerts and real-time active response. It is the first product to automate the design, deployment, monitoring and maintenance of counterintelligence campaigns across all your digital assets.

Our solution works despite the technical complexity of the adversaries’ intrusion and provides a welcome relief from the constant technical race between the attacker and defender. CounterCraft automates counterintelligence, reducing the work burden and costs of creating deception.

BENEFITS:

1. A new form of defence – CounterCraft's Cyber Deception Platform is a unique and innovative solution that adds protection to your organisation with a new strategic focus on counterintelligence.
2. Improve both detection of complex and targeted attacks and the response to them. Boost the capabilities of your current systems with a cyber deception layer and enrichment from our API.
3. Enhance the efficiency of your team. Leverage security analysts to design campaigns and let the platform handle the drudgery of deployment, orchestration and management.
4. Easily communicate with board members and key management about the strategic merit of automated deception campaigns. Explain threats clearly, show evidence of attacks stopped, and highlight benefits to incident detection & management, using the reports and dashboards from the Deception Director.
5. Focus on counterintelligence as a tactical solution. Not only can you detect and research your attackers once they have penetrated your systems but you can use deception operations (DecOps) to actively disrupt them in real-time and further protect your organisation.

Our deception technology is designed with one purpose in mind – to stop attackers from breaching your system and causing damage. Our local threat intelligence feeds help to keep attackers out of your network. CyberTrap offers comfortable, stress-free 24/7 protection while gathering vital intelligence on attacker activities and intent.

• Local threat intelligence feeds
• Insight on attacker activities
• No false positives

Managed services

Our deception as a managed service has been previously accessible only to large companies. For the first time midsize companies can benefit from deception security in a convenient subscription model that won’t stretch their budget or resources.

• No capital investment
• No need to hire experts
• No overhead costs

Supported services

Large enterprises and government agencies are vulnerable to persistent attacks. Such organizations usually have an internal security team which can be supported by CyberTrap. We provide training and assistance to help kickstart your deception operation.

• Easy integration with existing security stack
• All the necessary training provided
• Fast and reliable customer support

CyberTrap is the solution for your Company

Implementing an extra layer of deception security is the right move for any organization storing valuable, highly sensitive data which hackers desire.

• Government & law enforcement agencies
• Banking, financial services & insurance (BFSI)
• IT, telecom & technology
• Utilities & and national critical infrastructure (CNI)
• Production plants & manufacturing
• E-commerce & retail chains
• Healthcare companies

What Is Cyber Deception?

Cyber deception leverages the fact that attackers always follow a predictable attack pattern: reconnaissance, lateral movement, and exploitation. When attackers use tools like Responder.py (for Pass-the-Hash attacks) while targeting sensitive business processes and assets (e.g., SWIFT), deception technology creates a controlled path for them to follow. Attackers are diverted from organizational assets and into controlled environments, giving defenders the upper hand in detection, investigation, and mitigation.

How MazeRunner Works

MazeRunner gives organizations a solution for creating effective deception stories. Deception stories, which are comprised of breadcrumbs and decoys, lead attackers to believe that they have successfully gained access to a target machine. Breadcrumbs are data elements (such as credentials) that lead attackers to decoys. Decoys are machines that run live services; when they are attacked, MazeRunner raises an alert and gathers forensic data.

Cymmetria Features

• Git - Source-code management for Linux decoys
• MySQL- Database service for Linux decoys
• Network Monitor - Monitors for unrecognized machines in the network
• OpenVPN - Virtual private network (VPN) service for Linux decoys
• RDP - Remote Desktop service for Windows decoys
• Responder - This service can, in addition to connecting to the network breadcrumb, monitor for attackers performing NBNS spoofing and Responder usage directly from the decoy. The username, domain, and password will be fed to the attacker from the decoy. Activating MazeRunner’s Pass-the-Hash Monitor (ActiveSOC > Pass-the-Hash Monitor) allows raising alerts when stolen credentials are used in the network
• SMB - Creates a shared folder on the decoy. For Windows and Linux decoys
• SSH - Remote shell service for Linux decoys
• Web application - Allows running a custom, user-controlled website, or a built-in HTTP server with a pre-set web application such as MediaWiki, SugarCRM, or phpMyAdmin. For Linux decoys

• Prevents unknown and sophisticated threats

 

• Very high prevention and detection rates

 

• Real time detection & response

 

• System-wide protection with pinpoint handling

 

• Deploys in seconds & Easy to operate

 

• Low resource usage (CPU, memory & disk) - No UX impact

 

• NO constant updates

 

• Operates in stand-alone/disconnected & VDI environments

 

• Stops millions of threats using only 1 evasion technique

 

• High stability - operates in User-mode

 

• Triggering high-fidelity alerts

 

• Low to non-existing false positive rate

 

• Identify hackers and cyber attack culprits without risking a real security breach.
• Reduce the frequency of cyber-attack attempts on real IT infrastructure, while identifying actual breaches as they happen.
• Neutralize network security threats before they occur and reduce network downtime and data loss.

• Application Protection. The patented ZDP engine protect against Zero-Day vulnerability attacks in real time.

 

• Malware Prevention. Static Analysis and unique Sandbox engines monitor unusual programs at pre-execution.

 

• Dynamic Protection. HIPS and Machine Learning engines capture advanced malware behavior in real time.

 

• Lightweight

 

• Intuitive

 

• No Signatures

 

• Scalable

 

Fidelis Elevate™

• Automate Detection
• Automate Response
• Prevent Data Theft

Elevate Security Operations

Even with many prevention tools in place, organizations are still getting breached. That's why more organizations are shifting from a prevention-focused approach to a detection and response strategy. Fidelis Elevate is the only security operations platform that provides deep visibility, threat intelligence and context across complex environments to automate detection and response.

A Force Multiplier for Your Security Operations

Fidelis Elevate™ integrates network visibility, data loss prevention, deception, and endpoint detection and response into one unified solution. Now your security team can focus on the most urgent threats and protect sensitive data rather than spending time validating and triaging thousands of alerts.

Enhance Your Visibility and Detection Capabilities

• Enrich alerts with data and context from Fidelis Network®, Fidelis Endpoint®, and Fidelis Deception™ – all in a unified platform
• Combine threat intelligence, sandboxing, machine learning, deception, and Fidelis research
• Capture and store metadata for analysis and threat hunting

Automate Response for Quick and Effective Resolution

• Draw conclusions with accuracy by automatically collapsing many alerts and events into a single view
• Automatically validate network alerts on the endpoint with certainty
• Raise the priority level when evidence is found of increased risk
• Automatically execute a response playbook to jumpstart your investigation with clarity
• Stop data leakage, command and control, and active attacks

Ensure Best-of-Breed Breach Detection and Network DLP

Fidelis Network® provides deep visibility – across sessions, packets, and content – and automatically validates, correlates, and consolidates network alerts against every endpoint in your network for fast response.

Automate Endpoint Detection and Response

Fidelis Endpoint® increases endpoint visibility, reduces response time from hours to minutes and enhances endpoint protection.

Detect Post-Breach Attacks With an Active Deception Defense

Fidelis Deception™ automatically profiles networks and assets to create deception layers that are as realistic as possible to detect post-breach attacks.

Fidelis Network Module

Leverage Curated Threat Intelligence for More Accurate Detection Fidelis Insight™ analyzes real-time and historical data, so you can rapidly detect and respond to threats in your environment, even when they happened in the past.

• Automatically discover applications and flows
• Quickly understand application behavior
• Granular visibility down to the process level

• Define segmentation policies in minutes
• Automatic policy recommendations
• Consistent policy expression across any environment

• Multiple detection methods cover all types of threats
• Dynamic deception immediately traps attackers
• High quality, in-context security incidents with mitigation recommendations to speed incident response

• Hybrid Cloud. Workload protection in hybrid cloud environments that span on-premises workloads, VMs, containers and deployments in public cloud IaaS including AWS, Azure and GCP.
• Simplify Security. Simplify security management with one platform that provides flow visibility, micro-segmentation, threat detection and incident response.
• Enterprise Scalability. Scalable to meet the performance and security requirements of any sized environment

Stop Advanced Cyber Threats With Deception Technology By deploying hundreds of unique deception tripwires, IllusionBLACK maximises attack detection through the kill-chain, even against stealthy, targeted campaigns that don’t involve malware. From targeted threat intelligence of an impending attack, to detecting lateral movement in every single subnet, Smokescreen’s deception technology helps turn the tables on apex attackers.

Full Kill-Chain Coverage

IllusionBLACK decoys detect pre-attack reconnaissance, spear-phishing attacks, privilege escalation, lateral movement and data-theft.

Deep Network Visibility

Instantly deploy 100's of individually unique, customisable traps across all your endpoints and in every single subnet of your network.

Attack Vector Agnostic

Deception does not rely on static signatures or heuristics to identify attacks, so it stays effective no matter what the bad guys try tomorrow. IllusionBLACK detects threats no matter what they attack It has advanced 3rd generation deception features, including:

• MirageMaker™. Realistic auto-created decoy data fills deceptive assets with always unique, instantly changing content.
• ThreatParse™. Natural language attack reconstruction parses raw attack data into plain-English attack analysis.
• Automated triage. Agentless investigation of compromised endpoints to reduce root cause analysis time and capture volatile forensic information.
• WebDeflect™. Integrate deception into any web or mobile application to guard against business logic attacks.
• ThreatDeflect™. Redirect attacks to decoy cloud environments to keep attackers engaged while containment kicks in.
• Forensic preservation. All evidence recorded and preserved for further analysis in industry standard formats.
• Smart Integrations. Logic-driven automatic response and orchestration to execute response strategies at wire-speed.
• Hardened BSD UNIX base. Rock-solid security built for highly-targeted environments, coupled with BSD UNIX's legendary reliability.
• Threat intelligence export. Machine consumable through STIX, JSON and CSV, as well as integrations with other security infrastructure.

Stop Chasing Alerts. Start Catching Attackers!

Instead of restrictive controls around your assets, reactive data analytics and the churn of SOC burn-out, Illusive offers organizations concerned about post-breach attack detection a simple alternative to the status quo. Unlike tools that are ‘probabilistic’ in their identification of an incident that might be a threat, Illusive customers gain tactical advantage over cyber adversaries armed with ‘DETERMINISTIC’ notification and precise forensic proof of an attack in motion—saving costly time in defense of your organizations most valuable assets and mission-critical infrastructure.

Agentless, Adaptive, Easy to Deploy
Built on agentless, intelligent automation that requires very little IT coordination, Illusive immediately shifts the advantage to your defenders—and frees them from the complicated, noisy, data-heavy approaches that burden them today.

The Illusive Platform provides centralized management across even the largest and most distributed environments. Three modular components can work together or be operated separately to preempt, detect, and respond to cyberattacks.

Preempt: Illusive Attack Surface Manager finds and removes errant credentials, connections, and attack pathways to deter unauthorized lateral movement.

Detect: Illusive Attack Detection System forces attackers to reveal themselves early in the attack process by disorienting and manipulating their decision-making.

Respond: Illusive Attack Intelligence System enables rapid, effective response and remediation when attackers are present by providing contextual source and target forensics.

Flip cyber asymmetry from ‘probabilistic’ to ‘deterministic’

Illusive puts onus on the attacker, frustrating them once they land on an endpoint by starving them from the real data they expect and need. An environment poisoned with false, but authentic looking data paralyzes the attacker—the second they touch an Illusive deception, they reveal themselves, instantly triggering notification and forensic proof of an attack in motion versus the hope of validating one.

Response shifts from days or weeks of alert analysis to minutes, detailed with source and target. No data parsing or ghost chasing is needed—thus flipping your cyber asymmetry and putting you on the attack.

• Deceive the malware’s perception of reality, prior to installation, to the point that it is certain to be in such a hostile environment and aborts the attack.
• Stop in-memory attacks on the fly by preventing the code injection into legit processes.
• Trick malware into believing the same malware is already running on the target when it’s not.
• Deceive non-evasive ransomware into believing it had encrypted the files on an endpoint when in reality it had not.

• NAC
• Antivirus
• Firewall
• Cloud Solutions
• IPS
• Sandbox

• Offline operation mode. Fully standalone mode which keeps protecting endpoints even when disconnected from the organizational network.
• Easy deployment. As a super-thin agent, Minerva can be installed on thousands of machines in no time. No restart is required.
• Lightweight. As there is no heavy client running in the background, and no active detection application scanning processes and files, Minerva does not use up any resources, and has no impact on the end user experience.
• No false positives. With Minerva in place, there are no false-positive alerts. Once a notification appears, you know that a real threat was neutralized and prevented before any damage has been done.
• No ongoing maintenance. Minerva does not need any ongoing upkeep to ensure it’s operating at its best. It even updates itself automatically with new simulations and artifacts on a regular basis.
• Supports all Windows OS. Embedded systems, Point of Sale (PoS) and additional legacy systems, as well as physical and virtual environments (e.g. VDI Terminal Server).

• Unknown, known and advanced threats detection
• Static and dynamic analysis
• Zero false positive
• Automatic blocking of applications
• Vulnerabilities detection
• Remediation of risky behaviors

• Man In the Middle detection
• Network access control
• SSL certificates check
• Secure browser

• OS vulnerabilities detection
• Root / jailbreak exploitation detection
• Identification of system takeover
• Abnormal battery consumption detection

The Ridgeback Interactive Deception Platform is an enterprise security software platform that defeats malicious network invasion in real time. For any enterprise deploying Ridgeback's solutions, a network intrusion - malware propagation, an insider threats or a remotely directed exploits - encounters a network environment that appears to comprise, literally, billions of servers and other computing resources. The intant the intruder engages a phantom resource, Ridgeback provides options to eliminate or counter-engage the intruder.

Ridgeback takes the fight to the enemy using Interactive Deception and causes the adversary to fruitlessly exhaust resources. This aggressive strategy results in the cost of attack outweighing the benefits of attack.

Based on advanced Interactive Deception tecniques, Ridgeback makes a significant positive impact on the major gaps in cyber security that arise from reliance on perimeter defenses like FireWalls, "after-the-fact" analysis - oriented intrusion detection technologies, and externally dependent and vulnerable endpoint protection schemes.

Ridgeback stands out in the market for two reasons - One for it's ability to act within milliseconds of a breached endpoint trying to make lateral movement, and secondly it's minimal impact on both cyber security and networking personnel from installation through operation and management. Numerous CEO's, CIOs and CISOs agree, there is no product on the market that accomplishes both.

The Nightingale Difference

It’s time for your own nightingale floor.
Sensato-Nightingale.

World's 1st Intrusion Containment Platform for Domain Networks.

Eliminate breaches by protecting Active Directory, Domain Controllers, Domain Identities, Domain Credentials, and all Domain resources.

90% of all corporations around the world, including governments and military entities, are using Domain Networks to manage their users, applications, and computers.

The Domain Network is a unique form of network, one in which all of the computers, servers, and applications are connected. The industry is heavily focused on protecting these resources individually without realizing the security consequences of connecting them to a Domain environment. When a PC or server is connected to a Domain environment, it's exposed to all domain resources by design. It only takes one compromised machine to jeopardize the entire organization.

In an environment where everything is connected, the rules of attack, as well as detection and response, are unique and different. Attackers know this, but most defenders do not. We are here to change that.

Solution Components

Using a proprietary Memory Dissolvable Footprint, we turn the AD into an intrusion-detection and response platform with 99.34% probability of detecting an intruder within his first move while also responding to the malicious process in real-time at the endpoint.

AD Assess

• Continuously find backdoors and hooks attackers leave behind in your Domain.
• Identify and reduce risk affecting the Security posture of the most critical IT asset.

AD Protect

• Control the attacker’s perspective at the endpoint and server
• Detect attackers at the point of breach
• Autonomous investigation at the point of breach
• Stop and mitigate attackers at the point of breach
• Reveal Dark Corners the attacker favors

Javelin - Key outcomes

• Control the Attacker’s Perception
• Real-Time APT Detection
• Automated Investigation
• Real-Time Breach Containment
• Threat Hunting with IOCs

Every year, hundreds of companies only find out that they have been compromised when they are notified by a 3rd party.

This is a stupid problem!

Even  companies that spend millions of dollars on their security have no idea if malicious insiders are trawling around where they shouldn't be.

This is a solvable problem.

Skilful adversaries move laterally within compromised networks for days or months before locating and exfiltrating a companies crown jewels.

This is a hidden opportunity.

Thinkst Canary changes this. Canary devices can be set up in under 5 minutes, even on complex networks, and emulate (down to its network signatures) a number of possible systems. Simply sprinkle canary devices around your network, configure your alert settings, and wait.

Attackers moving laterally, malicious insiders and APT all reveal their presence by interacting with your canaries.

Many security products promise the world, if you would just re-engineer your entire network or mold all your processes around them. These products demo well, but can usually be found months later, half configured and barely used.

Canaries install in under 5 minutes, and are 100% useful on installation.