Meaningful threat intelligence is hard to come by – the most valuable intelligence is specific to the organisation being targeted. Honeypots and sandboxes are tools for trying to contain attackers and safely evaluate their tools, techniques and procedures (TTPs), but many honeypots are too easily detected by malware or hackers.
Based on an extension of our ‘Pattern of Life’ software agent technology, our Deception system can create, in hours, a network of realistic machines, which appear to have been in use, by real people, using real applications to edit and exchange data.
Suspected malware is injected via an Application Programming Interface (API) and allowed to run. The malware, or a hacker connecting to the detonated malware, will then see a believable target computer and network.
Deception can be used to enhance any enterprise-level cyber security deployment, typically in a Security Operations Centre (SOC), seamlessly integrating with other cyber security measures. Running in a virtual environment, the platform is fully instrumented to build a picture of the attacker’s activities and tools. Attackers interacting with a deception system are revealing their intentions and interest, wasting their time and providing valuable threat intelligence.