Internal IT Security Manager, SOC Manager.
SOC managers lack clear and trustworthy detection controls for targeted adversaries already present on internal networks. Creating these detection controls is a priority for SOC managers.
Detecting adversaries before or during lateral movement is hard with current IT security tooling: such activity is often missed by host-based security controls (EDR) and by network monitoring solutions (IDS).
CounterCraft’s internal lateral-movement campaigns provide high-confidence alerts of adversarial presence.
This is done by planting breadcrumbs across production devices and backing them with deeper deception environments that contain adversaries and collect further threat intelligence data.
Unlike other campaigns, these are focused entirely on internal services:
The Deception Director deploys a mix of breadcrumbs on internal assets: endpoints, servers, Active Directory repositories.
The Deception Director also deploys services internally: WiFi networks, Shared Folders, Web Applications, Containers, Blogs, Databases, FTP servers, SWIFT applications, PLCs, Medical Devices, ATMs, etc.
Rapidly detect adversarial post-breach activity (the adversary is already inside the perimeter) that has not been observed by other systems. Detect adversaries within one hop of lateral movement.
Zero impact on production systems and users. No agents. Deploy using existing IT management tools.
Profile your adversaries. Collect intel describing the TTPs, intentions, and motivations of attackers without increasing the risk profile of your organization.
Manage attacks. Reconfigure other IT security systems in real time with the threat intel data provided by CounterCraft to boost enterprise security.
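The "one hop" claim above rests on a simple property of breadcrumbs: a planted decoy credential is never used legitimately, so any authentication attempt with it is a high-fidelity alert, and the event's source field tells you which host the adversary has moved to. The following is an added illustration of that detection logic in Python; it is not CounterCraft's code and does not describe how the Deception Director works. The decoy account names, the asset names they are planted on, and the Windows Security-style event records (EventID 4624 logon success, 4625 logon failure, 4768 Kerberos TGT request) are all constructed sample data.

```python
"""Breadcrumb (decoy credential) detector over Windows Security-style events.

Added example, not CounterCraft's implementation. Assumes decoy accounts have been
planted on specific assets (saved credentials, scripts, config files) and never
authenticate legitimately, so ANY use of them is an alert. All names and events
below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Iterable

# Hypothetical decoy accounts, keyed by the asset each breadcrumb was planted on.
BREADCRUMBS = {
    "svc_backup_admin": "WKS-FIN-017",
    "sql_ro_legacy": "SRV-APP-03",
}

# Event IDs that indicate someone tried to use a credential.
LOGON_EVENTS = {
    4624: "successful logon",
    4625: "failed logon",
    4768: "Kerberos TGT request",
}


@dataclass(frozen=True)
class Alert:
    account: str
    event: str
    source_host: str  # where the attempt came from: one hop from the planted asset
    planted_on: str   # asset the breadcrumb was deployed to (where the adversary was)
    target: str       # system that logged the event (where the adversary is going)


def normalize_account(name: str) -> str:
    """Strip DOMAIN\\ prefix and @REALM suffix, lower-case for comparison."""
    name = name.split("\\")[-1]
    name = name.split("@")[0]
    return name.lower()


def detect_breadcrumb_use(events: Iterable[dict]) -> list[Alert]:
    """Return one Alert per logon-type event that references a decoy account."""
    alerts: list[Alert] = []
    for ev in events:
        event_id = ev.get("EventID")
        if event_id not in LOGON_EVENTS:
            continue
        account = normalize_account(ev.get("TargetUserName", ""))
        if account not in BREADCRUMBS:
            continue  # real account: not our concern here, no alert
        # Prefer the workstation name; fall back to the IP when it is empty/missing
        # (Kerberos events carry only an address).
        source = ev.get("WorkstationName") or ev.get("IpAddress", "unknown")
        alerts.append(
            Alert(
                account=account,
                event=LOGON_EVENTS[event_id],
                source_host=source,
                planted_on=BREADCRUMBS[account],
                target=ev.get("Computer", "unknown"),
            )
        )
    return alerts


# Constructed sample events; field names mirror Windows Security log fields.
SAMPLE_EVENTS = [
    {"EventID": 4624, "TargetUserName": "jdoe", "WorkstationName": "WKS-FIN-017",
     "Computer": "SRV-FILE-01"},  # legitimate user, ignored
    {"EventID": 4625, "TargetUserName": "CORP\\svc_backup_admin", "WorkstationName": "WKS-FIN-017",
     "IpAddress": "10.20.5.17", "Computer": "SRV-FILE-01"},  # decoy cred tried against a file server
    {"EventID": 4768, "TargetUserName": "sql_ro_legacy@CORP.LOCAL", "IpAddress": "10.20.7.3",
     "Computer": "DC01"},  # decoy cred used to request a TGT
    {"EventID": 4624, "TargetUserName": "SVC_BACKUP_ADMIN", "WorkstationName": "",
     "IpAddress": "10.20.5.17", "Computer": "SRV-APP-03"},  # decoy cred actually worked
]

if __name__ == "__main__":
    for a in detect_breadcrumb_use(SAMPLE_EVENTS):
        print(f"ALERT: {a.event} as {a.account!r} from {a.source_host} -> {a.target} "
              f"(breadcrumb planted on {a.planted_on})")
```

Each alert pairs the asset the breadcrumb was planted on with the host the attempt came from, which is the hop the adversary just made; the sample run yields three alerts and none for the legitimate user. In a real deployment the same rule is typically expressed in the SIEM against the authentication log stream, with the decoy list maintained alongside the deployment inventory so a retired breadcrumb does not keep firing.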
Detecting the Red Team moving laterally.
We were looking for high-fidelity alerting with a solution that could be scaled and deployed rapidly (it took less than 3 weeks to deploy), and that could be used within legacy networks.
The Cyber Deception Platform detected the Red Team on three different occasions, and in all of them the Red Team had not been detected by any other security toolset deployed. We prevented the Red Team from capturing the crown jewels and further infecting the network.