Insider Threats –

Protect Intellectual property and trade secrets.

Who is it for?

Internal IT Security Manager, SOC Manager.

What is the problem?

An insider is someone who (knowingly or unknowingly) misuses legitimate access to commit a malicious act or damage the business.

With insider threats being involved in 30% of the data breaches in 2020, it represents a vector that can't be overlooked. (*)

Detecting insider threats is not easy for security teams. The insider has legitimate access to the organization's information and assets. Distinguishing between normal activity and potentially malicious activity is a challenge.

CounterCraft’s internal lateral-movement campaigns provide high-confidence alerts to adversarial presence.

This is done by using breadcrumbs across all production devices and providing deeper deception environments to contain adversaries and collect further threat intelligence data.

Unlike other campaigns, these are focused entirely on internal services:

The Deception Director deploys a mix of breadcrumbs on internal assets: endpoints, servers, Active Directory repositories.

The Deception Director also deploys services internally: WiFi networks, Shared Folders, Web Applications, Containers, Blogs, Databases, FTP servers, SWIFT applications, PLCs, Medical Devices, ATMs, etc.

Cyber deception helps our clients detect insider threats early.

Rapidly detect insider threats trying to access confidential information not observed by other systems.

Zero impact on production systems and users. No agents. Use existing IT management tools to deploy.

Profile your adversaries. Collect intel describing the TTPs, intentions, and motivations of attackers without increasing the risk profile of your organization.

Manage attacks. Reconfigure other IT Security systems with the Threat Intel data provided by CounterCraft in real-time to boost enterprise security.

Industry: Retail

Role: SOC Manager

What was your goal?

Mitigating the risk of undetected insider threats that could leak data to competitors.

Why did you choose deception?

We take cyber security very seriously and we wanted to make sure that there were no threats passing undetected, mainly ones that had privileges of information access. We also wanted a solution that could be fully integrated with our SIEM to enhance its capability.

What results did you achieve?

By deploying two different internal deception campaigns, we detected in less than six months two "curious" employees that were accessing information they should not have. These intrusions were not detected by any other system.

Speak to an expert to see how to leverage cyber deception to detect insider threats.

GET IN TOUCH