There are many elements that go into an organization’s security strategy. And the obvious, unstated overriding dictum is, as in medicine, primum non nocere, or ‘first, do no harm’. A security technology must not bring in vulnerabilities along the way, either in the form of direct attack paths or back doors.
Here at CounterCraft, security is most definitely the name of our game. And with some of the most prestigious and powerful clients in the world, the first company we seek to make secure is our own. We have devoted countless hours and R&D to making sure our Cyber Deception Platform poses no security risks upon deployment for your organization. To find out more, read on about the CounterCraft Security Secret Sauce.
What is CounterCraft’s Security Secret Sauce?
Sometimes we get the question: how do I know that CounterCraft won’t create new and different security issues within my organization’s systems? Will the extra risk that comes from adding a new tool outweigh its benefits?
These are perfectly valid questions, and in fact, we love to get them. They show a client that is security minded, meaning a client that will align with our vision. They also give us the chance to humble brag a bit about all the work we’ve put into making our platform super secure.
So, what is the secret sauce that makes this platform so secure? CounterCraft uses a combination of high-level security engineering, security by design, and security best practices to ensure that the CounterCraft Threat Deception Platform does what it says on the label: detects threats, collects intelligence and manages attacks — no more and no less. CounterCraft is already trusted by the most demanding customers on the planet and counts the US DoD and NATO among its clients.
The Security Secret Sauce is spread across the three main layers of the product:
- The Control Plane (Deception Director)
- The Command & Control Network (ActiveLink)
- The Deception Endpoints and Servers in the Deception Environments (ActiveSense)
The Cyber Deception Platform is made up of a Control Plane that gathers all the data together for analysis, deploys deception environments, and sends out commands to control and monitor the environments. The commands and data are carried by the Command & Control network. And, the Deception Environments are the sensing environments that are deployed to gather information about threat actor movements and techniques.
The Control Plane (Deception Director)
The main central component of the control plane system, the Deception Director, runs as a non-privileged user on a containerized platform for easy, safe, deployment. The containers run in a private network with minimum exposed ports. The control plane uses role-based account control (RBAC) and has full audit trail features. You don’t need to worry about the Deception Director being a point of weakness — even from insider threats.
The Command & Control Network (ActiveLink)
The Cyber Deception Platform needs to maintain communication links to the Deception Environments that may be deployed across a variety of enterprise networks or internet hosting platforms, both to harvest data and control and command the environments. Our ActiveLink technology is a command and control network that uses best security design practices to ensure that the deception environments are where the threat actors stay. CounterCraft segments the command & control network via the use of intermediate proxies (Deception Support Nodes) that separate the deception environments from the control plane providing security, isolation and segmentation to deployments All communications are encrypted and the network is designed to limit the propagation of threat actors outside of the deception environments using clever combinations of one-way traffic and certificates to avoid lateral movement, and minimise risk. You can securely deploy ActiveLink knowing that CounterCraft will uncover security weaknesses, not add to them.
Deception Endpoints & Servers (ActiveSense)
Deception Endpoints and Servers that make up ActiveSense Deception Environments make use of our hidden agent tools for data gathering. The same tools only accept secure and authenticated commands from the Control Plane to interact with the ActiveSense environments. The tools monitor for improper usage of the environments by threat actors and can intervene if threat actors attempt to leverage the deception environments to support further malicious activity.
This brief summary should give you an idea of how we work to keep everything we do on your network secure. The combination of security elements across all three areas of our Cyber Deception Platform give you a safe base from which to run all your deception based activities: detecting threats, collecting intel, managing attacks.