CounterCraft 2.6 is here, and as we throw ourselves into our fourth visit to San Francisco’s Moscone Centre in a few weeks, we can’t think of a better way to embark on this new decade. Generating more and more attention the world over, deception technology is set to influence a new generation of threat intelligence and is now recognized as a pillar of innovation in cybersecurity by the likes of Gartner.

Our latest release enters us into the top league of deception technology vendors and brings a smorgasbord of enhanced features and functionality, based on real customer requirements, to an already award-winning platform – rivalling cybersecurity giants as the only platform to minimize the impact of a cyber attack using buffer zones for assets in the cloud and on premise and with capabilities that are proven to be some of the most flexible and forward-thinking currently available in the deception market. Here’s a summary of what this means for your colleagues on the front line, and your organization as a whole.

Detect, understand and respond to your adversaries

Regardless of the industry you’re operating in, we’re all immersed in a complex digital environment. Adversaries show no sign of slowing down in an age where differentiating between what’s real and what isn’t is a battle in its own right. The good news is, we’ve been working hard to provide a solution that can tell you a great deal about the bad actors you’re up against, and now, enable you to get to know them even better. The more informed you are, the better equipped you are to deploy the right defenses and protect what’s at stake.

Did you know there are five stages of deception according to Gartner?

  1. Basic threat detection
  2. Detection and response
  3. Production of local IoC and MRTI
  4. Integrated proactive threat hunting
  5. Active attacker engagement

The majority of competitor solutions focus on the first two. CounterCraft delivers across the board, with a strong focus on engagement with threat actors. This is thanks to more than 35 systems integrations that are now live, including MISP, Cloud, SOAR, SIEMs and mobile phones. As part of this release, MS Office 365 is now active, enabling automated generation of fake emails; and we’ve also employed some fancy human interaction tech to automate activity on fake social media profiles. Your adversaries won’t notice the difference between a real and synthetic environment, because there isn’t one.

Enhanced user interface shaped by real users

Each development sprint is framed by the most recent technical studies and shaped by feedback from clients already using CounterCraft, who represent an international cyber security effort. This release is no different. Improvements include more third party system integrations and unified attack data, campaign cloning and isolation, plus more options to receive highly personalized notifications across the likes of Telegram, Signal, Twitter, Microsoft Teams and email.

We’re now part of an evolution from information technology to operation technology, and the latest version of the CounterCraft Cyber Deception Platform launches with this in mind. Regardless of which space you’re most familiar with, ease of use is at the core of our development roadmap; as the tech enables increasingly specific adversarial analysis, our aim is to facilitate the role of SOC teams, Threat Hunters, Researchers, Analysts…, and provide a solution that’s as efficient and intuitive as it is effective.

Deception: is it just a con?

We love a good list, and we can think of three:


  • Insight into the context of an event is key to a more enriched threat hunt. Enhanced UI functionality enables you to turn raw threat data into actionable threat intel.
  • Researchers in particular will benefit from improved, pooled event timelines of how, when and what types of incident have occurred, plus information about the origin of an attack, and using this, be able to fill gaps and seamlessly generate all-important contextual data.
  • In addition, improved tagging options supporting MITRE ATT&CK™ database integration enable automated event classification.


  • Multi-tenancy had a starring role in our last major release (2.0) and further development now enables deception-as-a-service. All CounterCraft partners with access to the platform interface can now provide deception services to their end-users.
  • CounterCraft 2.6 goes live with a catalogue of 25 campaigns that are ready to launch – as yet no other vendor competes with this offering. Choose the campaign that best fits your next threat hunt hypothesis to generate specific intel and save time using this first-of-its-kind feature.


  • At an organizational level, multi-tenancy ensures high levels of confidentiality are maintained.
  • It’s important to note that the intelligence gathered by campaigns is owned by the client or partner organization and is never fed back to CounterCraft.
  • Integration with SWIFT meets fraud prevention standards in the financial sector.

Richard Barrell, Product Manager at CounterCraft said: “This is more than deception. CounterCraft 2.6 will power up any enterprise cyber counterintelligence strategy with the kind of in-depth behavioural analysis that enables clients to profile adversaries with improved precision, and calculate the probability of different types of attacks occurring.”

“CounterCraft 2.6 gathers high-quality intelligence for an organization through assets such as: WiFi, SWIFT, email, social media, SCADA and MS Office 365. This, combined with our growing proprietary knowledge base and MITRE ATT&CK™ integration, means it’s now possible to anticipate the movements of APTs with a high degree of accuracy; in practice this means campaigns can be tailored very specifically to attract, and thus identify, attackers.”

Visit us at RSA Conference San Francisco | 3343 South Expo

Catch up with the team at RSA Conference San Francisco 2020, where we’ll be reuniting with the global cybersecurity community for another year running and showcasing how the CounterCraft Cyber Deception Platform creates buffer zones around an organization’s assets in the cloud and on premise to minimize the impact of a cyber attack. Schedule a demo or book a meeting here.