Internal IT Security Manager, SOC Manager.
An insider is someone who (knowingly or unknowingly) misuses legitimate access to commit a malicious act or damage the business.
Insider threats were involved in 30% of the data breaches in 2020, making them a vector that can't be overlooked. (*)
Detecting insider threats is not easy for security teams. The insider has legitimate access to the organization's information and assets. Distinguishing between normal activity and potentially malicious activity is a challenge.
CounterCraft’s internal lateral-movement campaigns provide high-confidence alerts of adversarial presence.
This is done by using breadcrumbs across all production devices and providing deeper deception environments to contain adversaries and collect further threat intelligence data.
Unlike other campaigns, these are focused entirely on internal services:
The Deception Director deploys a mix of breadcrumbs on internal assets: endpoints, servers, Active Directory repositories.
The Deception Director also deploys services internally: WiFi networks, Shared Folders, Web Applications, Containers, Blogs, Databases, FTP servers, SWIFT applications, PLCs, Medical Devices, ATMs, etc.
Rapidly detect insider threats that other systems do not observe as they try to access confidential information.
Zero impact on production systems and users. No agents. Use existing IT management tools to deploy.
Profile your adversaries. Collect intel describing the TTPs, intentions, and motivations of attackers without increasing the risk profile of your organization.
Manage attacks. Reconfigure other IT Security systems in real time with the Threat Intel data provided by CounterCraft to boost enterprise security.
Mitigating the risk of undetected insider threats that could leak data to competitors.
We take cyber security very seriously and we wanted to make sure that there were no threats passing undetected, mainly ones that had privileges of information access. We also wanted a solution that could be fully integrated with our SIEM to enhance its capability.
By deploying two different internal deception campaigns, we detected in less than six months two "curious" employees that were accessing information they should not have. These intrusions were not detected by any other system.