The best active defense tech on the planet.

We have built the highest-quality deception platform for active defense. Our proprietary ActiveLures™ populate ActiveSense™ environments and communicate using our ActiveLink™ technology.

CounterCraft technology

ActiveLures

Custom or template-based CounterCraft breadcrumb technology that can be deployed across multiple endpoints, servers or even on internet based platforms such as PasteBin, GitHub and Shodan. Both passive and active breadcrumbs allow you to tailor them to attract exactly the adversary you are targeting.

The main job of the ActiveLures is attract adversaries into the CounterCraft ActiveSense Environments.

ActiveLures

ActiveSense Environments

ActiveSense Environments are the core of your CounterCraft deployment. They contain real machines and real services that provide a credible environment to deflect and monitor the adversary.

ActiveSense Environments are deployed quickly and controlled from the CounterCraft Platform. A wide range of host types and services are available, out of the box, to create an environment that is credible and makes the adversary think they have struck gold!

ActiveSense Environments combine the detailed telemetry collected by the DeepSense agents and the command and control capability of the CounterCraft ActiveLink network to provide a full, deep-sensing environment to collect and deliver all adversary activity in real time.

DeepSense Agent

How to gather telemetry unseen and undetected? The CounterCraft DeepSense agent is the key.

The fully cloaked agent gathers all adversary activity on the deception host and sends it back to the CounterCraft ActiveConsole via the ActiveLink command and control network.

ActiveBehavior

ActiveBehavior is a human interaction simulation tool that keeps a deception environment looking authentic without you lifting a finger by automating the process of logging in and performing “typical” user activities, or basic SysAdmin tasks.

ActiveSense Environments

Deception Director

The Deception Director is the heart of the CounterCraft Platform. The web-based console provides full design, deployment, and management functionality for all of the components, from ActiveLures deployment to automatic responses to detected adversary activity.

The Deception Director can be hosted locally or remotely and provides a powerful tool for analysis and alerting and active defense deployment.

Deception Director

Integrations

The CounterCraft Platform plays nicely with other platforms. If you need to share threat intelligence or incident data with another platform, our many integrations make this easy. Whether it's a SIEM, SOAR, Intel Sharing Platform or messaging service, the chances are it is already part of the CounterCraft third-party integration family.

If you can't find your specific app, a fully documented RESTful API is available to make new integrations a breeze.

Integrations

Platform Benefits

Detect Early

down

Gain time to respond to attacks

down

Enhance cyber resilience

Generate high-quality alerts of threat actor activity earlier than any other system: Pre- & Post-Breach detection.

Force threat actors to reveal themselves during “pre-attack” phases of attack planning and reconnaissance, or during the internal lateral movement phase.

connector

Collect Actionable Threat Intel

down

Prioritize your actions and decisions

down

Reduce cost

Collect TTPs and IOCs in real time to enable threat hunting and speed up incident response.

Automatically enrich threat data by mapping it to the MITRE ATT&CK.

Integrate with your Threat-Intel workflow: deliver high-impact threat intel feeds that are targeted and timely.

connector

Proactively Protect your organization

down

Adapt your defenses in real - time

down

Prevent disruption from attacks

Integrate contextualized threat intelligence with incident response workflows.

Proactively reconfigure enterprise security systems to resist attacks.

Automatically engage threat actors to slow attacks and extract higher-impact threat intelligence data and reveal their TTPs and IOCs.

Access the full product description here

DOWNLOAD DATASHEET

A Unique Approach to Proactive Defense

widest-coverage

Widest Coverage - Works inside and outside the traditional enterprise perimeter. Fully cloud integrated. Easily deploy buffer zones around vulnerable cloud assets.

Europe Flag

Friction Free - Host-Based with Cloud Infrastructure integration - no need to plug into internal network equipment.

Europe Flag

Highly Automated - Highly automated deployment and management process means reduced resource usage.

widest-coverage

Ready to Go - Pre-installed with best-of-breed deception use-case catalogue. Non-experts can use the system out-of-the-box.

widest-coverage

Use Case Flexibility - Campaign-based approach to deception allows you to deploy multiple use-cases for deception with the same tool.

widest-coverage

Adversary Mapping - Don’t wait for the attackers to breach your network. Associate threat intel data with our adversary profiles. Get ahead of the threat cycle, understand their TTPs and strategic drivers.

Are you ready for Deception?
Free resource

Are you ready for deception?

Wondering if deception is right for your organization?

This ebook will give you everything you need to know to make an informed decision. Download it today to discover if you are ready for deception technology.

  • Nine pages designed to explain deception readiness
  • A quiz to help you assess next steps
  • An overview of low, medium and high maturity business profiles
  • Contact information to get an in-person assessment if you desire