Blog  

This is What Enterprise Cyber Counterintelligence Looks Like

Cyber Deception Platform

CounterCraft´s deep expertise in cyber security, applied digital counterintelligence methods, and related technologies has paid off in the new CounterCraft Cyber Deception Platform. Our recent awards from Red Herring and the 2018 Info Security Product Guide have generated a lot of industry buzz. People are taking notice of our enterprise-grade scalability, use of software containerization, modular architecture, and advanced orchestration capabilities. Customers using the CounterCraft Cyber Deception Platform are ready to take on determined, advanced, persistent threat actors who mount complex attacks against their systems and information assets.

Our platform includes four primary components—Deception Assets, Deception Support Nodes, the Deception Director, and the Console. Here’s a closer look at each.

Deception Assets

A comprehensive portfolio of deception assets range from simple breadcrumbs to fully containerized complex servers loaded with deception services and material. Customers can create and deploy hundreds—or thousands—of deceptive assets that match their existing ICT estate, regardless of whether infrastructure is based on-premises, in the cloud, mobile, or on social technology.

Deception Support Nodes

These are specialized server instances that intermediate traffic between deception assets and the Deception Director. Deception Support Nodes can be deployed internally, outside of the organization, in the cloud, on premises, or in mobile environments—giving customers huge flexibility to easily scale deception assets across their entire environment. These nodes also enable customers to customize assets and balance traffic for specific trust or security enclaves.

Deception Director

The Deception Director is the heart of the CounterCraft Cyber Deception platform. It delivers all of the platform’s design, deployment, monitoring, analysis, and export capabilities. It creates deception logic for the customer’s unique environment and orchestrates the complete lifecycle of deception assets.

The Console

Our web-based interface puts the power of our platform at the disposal of security operators and incident responders, deception planners, engineers, and threat analysts. Its context-driven pages deliver tailored views of the environment based on access privileges, user type, deception stages, as well as views of multiple tenant environments in the case of MSSPs.

space

Delivering Actionable Intelligence to Your Team

Cyber defenders need specific, relevant, actionable intelligence to respond appropriately to an incident. We’ve built many unique capabilities into the platform that simplify lifecycle management across the deception environment. They include:

timeline

Design: Cyber defenders can quickly and easily design a tailored deception environment through the console:
Pick-and-play deception assets that mimic the customer environment
Pre-packaged server configurations
Pre-defined architectural placement options based on best practices

Deploy: Push deception assets out quickly with minimal intervention required:
Automated deployment
Integrated Ansible playbooks for simplifying configuration, deployment, and orchestration

Manage: Easily integrate CounterCraft with existing operations:
• Supports in-house, outsourced, and multitenant environments
Flexible integration with a variety of SOC and Threat Analysis and Management systems

Respond: Detect, observe, and respond to live attacks:
Real-time view of attacks as they happen
Real-time, detailed telemetry of attacker activity at every stage of an attack
Automatic identification and delivery of attacker Tactics, Techniques, and Procedures data
Ability to steer, deflect, and block attackers as desired

Analyze: Create actionable cyber threat intelligence based on your real-world environment:
Visualized attack behaviors and Indicators of Compromise (IOC)
Threat analysis via the console or in a SIEM or threat intelligence solution
Shared intelligence via standard protocols (STIX 2.0, OpenIOC, MISP)
RESTful API for deep integration with other systems

space

Don’t Go It Alone

We offer a range of professional services that help customers maximize the CounterCraft Cyber Deception Platform for their organizations. We also partner with service providers and MSSPs to help teams accelerate protection against advanced persistent threats and other cyber attacks.

This is just the start. Now that you’ve had a quick look under the hood, take the next step and contact us for a demo. See why CounterCraft is the right enterprise-class deception platform for protecting your organization.

Like Jim Morrison said, this is the end. But you can...