Defensys has released version 1.5 of Defensys Threat Deception Platform (TDP), its platform for digital imitation of IT infrastructure elements. The release expands the list of trap and lure templates, adds integration with the SOAR system from Defensys, and enhances the capabilities for working with security events.
In Defensys TDP v. 1.5 the vendor has extended the list of trap and lure templates. New additions include HTTP traps that imitate the logon screens of network equipment, as well as lures for macOS and Linux operating systems. Also new are lures for saved connections to SMB network resources.
Another significant new feature concerns integration. Besides the standard syslog push integration with external systems, Defensys TDP now has direct, seamless integration with Defensys SOAR, the vendor’s Security Orchestration, Automation and Response system. All events that Defensys TDP detects for the same trap are now automatically transferred to Defensys SOAR as one aggregated incident. A user can also manually tune the aggregation period for events from a given trap.
In this updated version Defensys has enhanced automated trap creation: a new menu helps adjust a trap’s content. For instance, accounts can be created from predefined dictionaries of names and surnames, with the percentage of different types of users tuned to the region where a given branch operates. The system lets you customize the account creation pattern, with password settings that follow the company’s policies. You can upload your own dictionaries for creating logins, server names and FTP banners. Thanks to this feature, automatically generated trap data will be indistinguishable from the original data.
Because any interaction with a trap is a critical event, the vendor added an option to define exceptions for log sources to account for legitimate port scanning. For instance, users can add the IP address of a vulnerability scanner to this exception list.
Version 1.5 can also visually show how traps and lures are interconnected on real hosts. The “Events” menu shows which lure is connected to the particular trap where a new event was detected. There are also new event timelines that reconstruct the full history of interaction with a particular trap, with filtering by time and criticality.
“We are continuously working on adding brand new features to the product: expanding the list of traps and lures, and we aspire to consider the demand of our customers from different regions,” said Andrey Chechetkin, Deputy CEO of Defensys.
“Also, all Defensys products are parts of a whole ecosystem and are built upon unified integration mechanisms and configurations. This way they can interrogate between each other with the maximum of value and enable the comprehensive cyber security management for our customers.”