DeceptionGrid — DeceptionGrid is a full suite of deception techniques, including the automated deception Tokens (lures) and medium and high-interaction Traps (decoys). It baits attackers by deploying camouflaged Traps and Tokens among your actual IT resources. Our Traps appear identical in every way to your real operational IT assets and your connected Internet-of-things (IoT) devices. Deception in Depth takes the illusion a step further, engaging sophisticated attackers by maintaining a facade of convincing network traffic among our Traps.
DeceptionGrid Core Functionality – DeceptionGrid scans your existing network and provisions hundreds to thousands of deception components. Deception Tokens, or lures, which appear as ordinary files and databases, are embedded within real IT assets. Traps—decoys that emulate servers, workstations, network switches, etc.—can be deployed rapidly, as can special decoys that emulate medical devices, ATMs, retail point-of-sale terminals, components of the SWIFT™
Full Automated Forensics – Real-time automation isolates attacker tools and malware and can forward them for advanced analysis. TrapX provides malware analysis services based on our ecosystem integration, and we also offer a cloud-based option. We combine the additional intelligence gained from our analysis with Trap activity and deliver a comprehensive assessment to your security operations center team. DeceptionGrid’s Network Intelligence Sensor feature analyzes outgoing communications and, combined with its analysis of Trap activity, builds a complete picture of compromised assets and attacker activity.
AIR Module – AIR Module, designed for rapid automated forensic analysis of suspect endpoints, is a core component of DeceptionGrid and a key part of our Deception in Depth architecture.
Automated analysis is triggered by indications of compromise (IOCs) identified by DeceptionGrid and often pointing to compromised endpoints. The AIR Module performs a complete, fully automated forensic analysis of any suspect endpoints, then loads the forensics artifacts from the endpoints into the AIR Module. The module then runs smart intelligence correlation against the artifacts to complete and deliver the analysis.
Integrated Event Management and Threat Intelligence — Information from the automated forensic analysis is pulled into the management system, tagged with a unique ID, and then stored within the integrated event management database. The business intelligence engine combines the information with threat intelligence data to prevent future attacks. The Network Intelligence Center monitors outbound activity on real hosts, based on information on malicious activity spotted within decoy systems.
CryptoTrap™ Module — CryptoTrap is another important core component of DeceptionGrid and a key part of our Deception in Depth architecture. CryptoTrap is designed specifically to deceive, contain, and mitigate ransomware early in the exploitation cycle, halting the attack while protecting valuable resources. Traps are created that appear as valuable network shares to ransomware. Customers can also provide their own decoy data to make the information appear even more authentic. CryptoTrap reacts to a ransomware attack immediately and holds the ransomware captive to protect real systems while concurrently disconnecting the source of the attack.
Deception Tokens (lures), which appear as ordinary files, scripts and configurations, are embedded within real IT assets to bait and divert attackers away from real high-value assets and into the Traps.
Active Traps create a stream of false network traffic between deployed Traps to confuse and divert attackers that monitor the network traffic.
Our patented emulated Traps can be deployed at the largest enterprise scale through automation. You can select from a wide variety of servers, databases, workstations, switches, routers, and Traps tailor-made to your organization’s native environment. After a Trap is interacted with and the cyber-attack is thwarted, the Trap will change its shape and location, so the attacker will never learn if something is a Trap or a real asset.
Hundreds of New Industry Templates
The DeceptionNet Community now offers hundreds of new industry templates (updated regularly) that are available for your use. In addition, our patented medium interaction Traps also include expanded templates for specialized devices based on specific industries. These templates include ATM and SWIFT assets for financial services, Point of Sale (PoS) devices for retail, as well as devices for medical, manufacturing and many more. This allows you to determine if attackers are targeting your specialized devices that are often vulnerable to attack.
High Interaction (Full Operating System) Traps
DeceptionGrid enables the provision of full operating system (FullOS) Traps. Our medium interaction Traps automatically extend engaged attackers through our smart deception to our FullOS Traps for the deepest attacker diversion and engagement. FullOS Traps also enable you to clone existing assets – you can completely replicate actual production servers to further deceive attackers.