This is the perfect time to reflect on the year past and think about what the future will bring. So, before starting 2020 with renewed purposes about making your organization more secure, why not take a moment to re-read our top 5 blog posts of 2019?
Threat hunting is a proactive technique that combines security tools, analytics, and threat intelligence with human analysis and instinct. Deception technology brings threat hunters many benefits, such as reducing the window of opportunity for the threat actor (thus increasing the resilience of business networks and systems, as well as maintaining the integrity of the brand), reducing the number of attack vectors, limiting impact on business services and proactively hunting threats in real time.
Have a look at this post to know why deception should be part of your threat hunting activity.
In this post, Richard Barrell, Product Manager at CounterCraft, tells us how the CounterCraft deception technology can be used to protect Microsoft Active Directory, the default enterprise network operating system. Active Directory is an obvious target for adversaries —deception technology helps organizations detect and control an attacker as they attempt to breach an Active Directory installation.
In which areas is the deception technology used to detect this activity?
1. Detecting enumeration of AD credentials at the endpoint
2. Detecting enumeration of AD credentials at the production AD domain controller
3. Detecting enumeration of AD credentials in shared resources
Each area is part of a carefully structured Deception Campaign deployed from the CounterCraft Deception Director. Want to know in detail about the infrastructure required to support the Deception Campaign? Then read Part 2 here.
This year we presented a fully MITRE integrated platform to tool up threat hunting teams at RSA Conference in San Francisco. The MITRE ATT&CK framework provides the global cybersecurity community with a common language for explaining incidents and understanding how attackers operate. Mikel Gastesi, Senior Threat Intelligence Analyst at CounterCraft, wrote about the possible applications of MITRE for threat hunters. If you want to know more, this is a must read!
Deception technology allows threat hunting and threat intelligence teams to engage with adversaries earlier in the attack sequence defined by the MITRE ATT&CK framework. Why use high-end, full-spectrum deception technology in the context of today’s threat hunting challenges? You’ll find the answer here.
Grab yourself a cup of coffee and learn more about the company and the state of the cyber deception market with this interview to one of CounterCraft’s founders and CSO, Dan Brett.