Blog  

Real World Cases: Threat Intel to Detect Insider Threats

Insider threats were involved in 30% of the data breaches in 2020. Insider threats are one of the most difficult security problems to detect, but CounterCraft provides high-confidence alerts by creating deception environments that attract anyone poking around where they shouldn’t be.

Detecting insider threats is not easy for security teams, in part because an insider has legitimate access to the organization’s information and assets. Distinguishing between normal activity and potentially malicious activity is a real challenge for security teams.

By setting up breadcrumbs across all production devices, CounterCraft creates deep deception environments that collect threat intelligence from the movements of these insiders. These deception campaigns are run on internal networks and assets, precisely where insiders are likely to find them: endpoints, servers, WiFi networks, shared folders, applications, Containers, Blogs, Databases, FTP servers, ATMs and more. Watch the video to hear what one of our clients in the retail industry has to say about their success with CounterCraft.

With our platform, our clients have had success:


Detecting insider threats not observed by other systems trying to access confidential information.
Collecting and analyzing threat intelligence to offer insight into adversary patterns and TTPs that can help you manage attacks.
Protection that has zero impact on production systems and users.
Profiling adversaries without increasing the risk profile of your organization.


Read more about how threat intelligence can be used to detect insider threats..

See more real world cases of CounterCraft on our YouTube channel.

Like Jim Morrison said, this is the end. But you can...