Threat Intelligence Managers.
Threat Intel feeds have low impact. They contain generic information directed at an industry vertical. The information often arrives late.
Threat Intel Managers want high-impact data that is targeted, timely and can be easily shared with other teams.
CounterCraft’s threat intel campaigns collect high-impact data that is targeted and timely from the organization’s own external attack surface.
These campaigns concentrate on external services and cloud services only:
The Deception Director deploys a mix of breadcrumbs on the Internet: S3 buckets, Shodan, GitHub, PasteBin, domain names, documents, etc.
The Deception Director deploys cloud-based services on the Internet: Office365, Google Suite, etc…
The Deception Director deploys internet-facing services from local or cloud hosting: Web Applications, Containers, Blogs, Databases, FTP servers, etc.
Once deployed, the campaign collects all adversary interactions and enriches the raw data to provide threat intel insights.
Detect adversarial pre-attack activity before any network breach has occurred. An external deception platform is the only cybersecurity product that can provide this capability.
Profile your adversaries. Collect intel describing the TTPs, intentions, and motivations of attackers without increasing the risk profile of your organization.
Deliver high-impact threat intelligence generated by targeted attacks against your organization in real time.
Reconfigure other IT Security systems with the Threat Intel data provided by CounterCraft in real time to boost enterprise security.
To identify external threats to our organization for a new web-based system.
Deception was the best way to quickly and efficiently evaluate the level of external reconnaissance focused on us. Using the CounterCraft platform allowed us to interact outside the traditional perimeter of our organization; in fact, the whole campaign was cloud-based.
The results for us were very interesting: we were able to identify three types of activity directed towards us - including the threat of external systems being used for cryptomining. By analyzing activity patterns and the adversary TTPs gathered we are able to feed this data back into our security design process immediately and reinforce the new system that is currently being deployed.