Defensys has announced the commercial release of the Defensys Threat Deception Platform. Defensys TDP belongs to a class of Distributed Deception Platforms (DDP) that use active deception techniques. It allows you to detect intruders and mislead them by distorting the perception of the corporate network with fake elements.
At the heart of all Deception technologies is the concept that any company is compromised by default. Classical perimeter protection and monitoring tools are losing their effectiveness in today’s reality. Sooner or later intruders penetrate an organization’s infrastructure and can spend months exploring it without being detected.
Deception technologies act as one of the last lines of defense, capable of slowing down and identifying the cybercriminal. Using a set of interconnected traps and lures, the system allows you to mislead the hacker, detect his presence on the corporate network early on, and prevent the attack from developing before it causes significant damage.
The Defensys Threat Deception Platform provides users with the ability to automatically deploy trap and decoy networks from ready-to-use templates. In addition, Defensys TDP allows you to create traps and lures as similar as possible to the customer’s specific systems and IT assets based on infrastructure data.
The updated Defensys SGRC platform has a new process for handling summary audits. A "summary audit" is an audit used to comprehensively assess one or more assets against one or several different standards. It is a handy tool that saves significant time when you need to aggregate information from multiple audits. In version 4.7, the summary audit interface became the center from which an expert can manage all the included audits. The user can edit the workgroup, change the status, evaluate requirements, manage remarks, and generate a processing plan from the summary audit. There is now an option to quickly view the card of an asset included in the assessment area, which displays general information about the category, responsible persons, related assets, and other details. A new Summary tab was added with a customizable mini-dashboard that shows information on the audit results, check progress, created reports, and statistics on open and processed issues.
The platform’s integration capabilities have been significantly expanded. Defensys SGRC now includes integration with Skybox and the Tenable Security Center vulnerability scanner. Universal integration using Python has also been added to import asset and vulnerability data from any information source using a script.
Defensys introduced Threat Intelligence Platform (TIP) version 2.0. This release introduces key changes in the mechanism of ranking indicators of compromise, integration with the Defensys SOAR, and the ability to obtain quality threat intelligence data from new sources.
One of the major updates to the platform is the improved scoring model that calculates the score of indicators of compromise (IoC). The new model calculates the score based on statistical metrics. The calculation takes a number of parameters into account, such as the IoC’s interconnections and all related context, how complete the received data was, and how timely it was delivered in comparison to the other connected sources. The system also takes into account whether the indicator was found in the exception list. With this advanced TIP scoring model, monitoring center analysts can easily identify the most relevant and malicious IoCs and work with threats that are relevant to them.
Defensys TIP 2.0 has an improved integration mechanism with Defensys SOAR. The system is now able to distribute the data about detected indicators across the fields inside the incident card of Defensys SOAR. You can also group indicators together when a mass detection occurs and send them to Defensys SOAR.