Skip to content

An Unprecedented Level of Deception Credibility with CounterCraft Version 2.8

Home News & Blogs An Unprecedented Level of Deception Credibility with CounterCraft Version 2.8

A new year means new improvements for CounterCraft. Version 2.8 is here, and it is set to make important strides forward for cyber threat intelligence. CounterCraft continues to be on the cutting edge of the cybersecurity sector, thanks to our expertly crafted technology. We take deception seriously. We are still the only platform to use buffer zones for assets in the cloud and in network, offering flexible capabilities that are attack-technique agnostic.

Recognized as a pillar of innovation in cybersecurity by the likes of Gartner, deception technology is under constant evolution. With our latest release, our focus was on bringing bigger, more powerful tools to the threat intelligence table. In 2.8, we introduce technology that will mark a turning point in the sector.

Read on to find out what this new release means for your cybersecurity team and your organization’s security posture.

An unprecedented level of realism

The biggest news of the new version is the launch of a proprietary technology that allows deception environments to remain fresh and tempting to threat actors, making them look ultra realistic. Our revolutionary new ActiveBehavior technology (a Human Interaction Simulator) is a huge leap forward for deception host credibility, making environments look like real, active production systems. This unprecedented level of realism is incredibly effective. This provides a huge leap forward for deception host credibility by solving the age-old problem of how to make it look like the deception hosts are in current use – like a real production system. The ActiveBehavior tech gives an unprecedented level of realism and allows clients to include user activity across different deception hosts. With ActiveBehavior, create activity in your deception environment such as:


  • Periodic logins
  • Command executions
  • Web browsing

all designed to look exactly like regular human behavior, and all automated. This exciting new technology was based on an extensive funded research program. Compatible with Linux & Windows, ActiveBehavior is already being deployed in deception systems, and its level of effectiveness is wowing both our team and our clients.

Manage multiple clients from a single console

In version 2.8, full multi-tenancy is finally a reality. This fully featured multi-tenant solution was one of the most frequent asks from CounterCraft clients, and now the platform can be deployed for multiple clients from a single console. The creation of a new “Super Architect” role allows a user to control various clients’ deployments of the platform while maintaining full segregation between tenants managed from the same deception director.

Make on-the-fly management simple

The new file browser makes host management incredibly easy. Full interaction with the deception host’s file system is now easy, meaning you can access uploads, downloads, and file edits in a hidden file browser session. This allows real-time adversary interactions – monitoring exfiltration or binary uploads and even changing the modifications. It also makes deploying and refreshing breadcrumbs really simple.

Create complex searches and improve analysis

The new EQL feature equals enhanced performance for your team. The standardised query language for events is integrated into the platform’s Data Explorer, allowing it to execute complex searches and improving analysis capabilities. With EQL, you can easily identify specific events and patterns, giving threat intelligence performance a huge boost.

Optimising backend processes to boost performance

CounterCraft is constantly streamlining its platform and to improve performance. This enhancement allows for streamlined agent communications and backend processing. With new event field name normalization, the event-filtering language becomes even more powerful, allowing users to push blacklists to the agent in a much easier, more efficient manner. Events can also be handled without checking against hundreds of regexes.

Integrate it with systems you use

The new version of CounterCraft offers new integrations that clients have asked for and we have been working to provide. We are now integrated with GitHub, so our users can create public GitHub Gists as breadcrumbs. A new integration with Grey Noise means it’s easy to connect data collected in the deception environment with their internet-scanning technology. And our integration with Proxmox allows easier VM management.

Find out more…

For more information on version 2.8, download the technical memo here.

Find out more about our state-of-the-art, ever-improving Cyber Deception Platform. We are happy to explain what we do, and how we can help you get the best out of deploying deception – from an initial conversation or simple demo, to a fully featured deployment.

Contact us to begin your cyber deception journey with CounterCraft!