Defensys has announced the commercial release of the Defensys Threat Deception Platform. Defensys TDP belongs to a class of Distributed Deception Platforms (DDP) that use active deception techniques. It allows you to detect intruders and mislead them by distorting the perception of the corporate network with fake elements.
At the heart of all Deception technologies is the concept that any company is compromised by default. Classical perimeter protection and monitoring tools are losing their effectiveness in today’s reality. Sooner or later intruders penetrate an organization’s infrastructure and can spend months exploring it without being detected.
Deception technologies act as one of the last lines of defense, capable of slowing down and identifying the cybercriminal. Using a set of interconnected traps and lures, the system allows you to mislead the hacker, detect his presence on the corporate network early on, and prevent the attack from developing before it causes significant damage.
The Defensys Threat Deception Platform provides users with the ability to automatically deploy trap and decoy networks from ready-to-use templates. In addition, Defensys TDP allows you to create traps and lures as similar as possible to the customer’s specific systems and IT assets based on infrastructure data. The platform can replicate workstations, devices, applications, network devices, and servers, and simulate network communication. These traps can be discreetly placed in an organization’s infrastructure, becoming indistinguishable from real hosts. Any interaction with the traps will indicate an incident and create an alert in the system.
To attract an intruder’s attention, traps and real-world infrastructure nodes automatically host lures, which represent resources of potential interest to the attacker. These include configuration files, browser history, drafts, SSH keys, files with passwords and other data. Traps and lures can be generated based on patterns adopted by the organization.
Traps are hosted on separate Trap Manager servers, while the platform and the entire emulated infrastructure are managed on the Control Center server. The Control Center server is where security events are collected and processed, interaction with external systems is provided, and traps, lures and Trap Manager servers are managed. For large organization infrastructures, the scaling task is easily solved by adding the required number of Trap Manager servers.
“Deception is the next step in the development of security systems to detect various threats at an early stage, including APT attacks and zero-day threats. Defensys TDP is an effective product that will quickly detect the beginning of an attack, gather information on the attacker’s tactics and tools, and analyze weaknesses in infrastructure protection”, said Andrey Chechetkin, Deputy CEO of Defensys.
To create the most realistic traps and lures possible, Defensys TDP allows you to use asset data from Defensys SOAR or Defensys SGRC systems. The Defensys TDP platform detects the interaction of both external and internal intruders with traps and sends alerts to the cybersecurity specialists. Events can be sent to the Defensys SENSE system for investigation, which will automatically create timelines reflecting trap interactions, providing the necessary context to the SOC analyst. The received incidents can be transferred to Defensys SOAR, so that the playbooks can be used to automate the response process.
In addition, attributes and indicators of compromise collected by Defensys TDP can be automatically sent to the Defensys Threat Intelligence Platform (TIP). The Defensys TIP, in turn, will enrich this data, identify correlations with other available TI data, configure automatic monitoring in SIEM events, and export indicators of compromise to cybersecurity tools for blocking.
“The Defensys TDP platform is an important element in the Defensys product ecosystem, enabling us to identify security incidents that are difficult to detect by other means. By using Defensys TDP in combination with other Defensys products, our customers will benefit from the added value of taking the detection of security threats to a whole new level. For now, we have already conducted a number of private demonstrations of the product and, based on the positive feedback we have received, we are announcing the start of pilot projects”, said Alex Bond, CEO of Defensys.