Blog  

Cyber Deception as a Service: Multitenancy and MSSPs

Cyber Deception and UK Businesses

One of the most useful operating features of Countercraft’s Cyber Deception Platform is the capability to provide multitenant capabilities out of the box.

According to Gartner, multitenancy is “a reference to the mode of operation of software where multiple independent instances of one or multiple applications operate in a shared environment”. What multitenancy really means is loads of time saved for those who balance various clients, departments, or other instances in a cyber deception platform. Multitenancy can be incredibly useful to MSSPs and large corporations for separating instances, aka tenants, to keep their info and data isolated yet maintain a physically integrated interface.

Organizations need deception technology, and multitenancy delivers it—without the hassle. To deal with particular use cases like insider threat detection, human-driven ransomware, red-team containment, and external campaigns, you don’t always need the full solution. Many clients prefer to get personalized deception campaigns for a specific use case, and to get the campaign as a service. Even better if their needs and campaign can be managed by their trusted cybersecurity managed security service provider (MSSP). What multitenancy does is save partners and MSSPs valuable time—no more logging in and out all day long. Multitenancy means seamless transitions and ease of monitoring whether dealing with 10 or 100 clients.

This is an amazing business opportunity for MSSPs. Here’s how it works:

An MSSP has an instance of our Cyber Deception Platform installed in their own premises (SOC).
They can then offer individual campaigns (use cases) to end clients, knowing that they can service multiple end clients from a single Cyber Deception Platform using our multitenant capability
Internally, we scale our licensing via the number of Deception Hosts (a component of our platform) that the MSSP deploys.
That leaves our MSSP partners free to provide custom deception campaigns to their clients following their own company’s sales and services strategy.
MSSPs have total freedom to monetize the managed service as they please.

Multitenancy is a must-have feature if you want to provide managed deception services to a variety of customers.

Rapid Setup with Pre-Defined Templates

CounterCraft Cyber Deception Platform has a large directory of predefined campaigns built in as templates to get MSSP partners up and running quickly. Some of our popular examples include lateral movement detection and external VPN threats for remote workers. These are classic campaigns that are perfect for clients new to deception. The MSSP partner gathers some basic info from the end client and uses the template to rapidly deploy deception.

Security & Dependability

Our multitenancy platform option is as secure and dependable as it is in a single-tenant scenario. We build in features that preserve the security of the hardware and make sure that the resources the platform needs to run perfectly are always available, no matter the number of licenses.

Threat Intelligence

From the get go, these campaigns add value to the services that MSSPs provide to clients. CounterCraft delivers specific threat intelligence and local indicators of compromise as a handy data feed. This data triggers incident response processes and informs threat hunting activities.

The CounterCraft automated deception platform will deliver real time intelligence to the analyst. The level of granularity of the intelligence includes but is not limited to:

Calls to command and control servers
Tools and ports used on the deception asset
Malware and other tools kits deployed onto the deception assets
Programs innated and commands called
DNS calls and ports used
IOCs & TTPS
Process and memory dumping

Create Revenue-generating Services

The insights that come from the above intelligence can also boost other managed security services:

Consultancy services: Evaluate the results and intelligence of the campaigns to adapt to new threats or vulnerabilities.
MDR : provide more and better detection feeds to the MSSP service. Early Threat Detection enhancer. Premium service. Different metrics possible.
SIEM : Send compelling/unique events and/or TTPs (push),query the SIEM for specific IOCs (pull), extract IoCs from the Deception Director API and create alerts in the SIEM.
Metrics man/hour. SOAR : Create incident and define playbooks for further actions: isolation, deploy breadcrumbs in specific locations, set engagement rules. Metrics man/hour.
Threat hunting enhancer: Accelerate and prove in a real environment the hypotheses of attack reducing effort time of the threat hunting team.

Common MSSP integrations

CounterCraft comes with multiple integrations to common tools used in MSSP environments: Splunk, DeMisto, Google Workspace, MISP and more.

Multitenancy means deception as a service is easier than ever before. It’s an opportunity for MSSPs to provide a valuable service for their clients, without complicating their workflow. And CounterCraft’s Cyber Deception Platform makes it simple. Get in touch today to request a demo.

Cyber Deception as a Service: Multitenancy and MSSPs
Our platform’s multitenant solution—and why it matters

Like Jim Morrison said, this is the end. But you can...