ShadowPlex Autonomous Deception

• Accurate Detection
• Timely Detection
• Cost-Effective Detection

ShadowPlex is designed for Enterprise IT, IoT and ICS environments and based on patented innovations. Deception Farms Deception-farms is a seminal innovation that delivers scale and adaptability. Sensors are placed in the network segments. All decoys are born and live in a centralized virtual server farm. They are projected onto the network, thus optimizing resource consumption and delivers flexibility. Fluid Deception Fluid Deception is a patented technology that achieves resource efficiency by just in time decoy creation, minimizing costs, maximizing effectiveness. No longer do you have to choose between emulation and full host decoys. Security Ecosystem Integrations ShadowPlex provides comprehensive API support allowing Deception campaigns to be orchestrated from other environments. This also facilitates integration with 3rd party security tools such as:

• Threat Intelligence
• IT Change Management platforms
• SOAR (Security Orchestration and Response)
• SIEM
• Perimeter Defense
• NAC (Network Access Control)
• Vulnerability Managers
• SSO, Identity Management, Privileged User Management Systems
• EDR, End-point

Threat Deception Technology to Detect Threats Early, Accurately & Efficiently The ThreatDefend Deception Platform is a modular solution comprised of Attivo BOTsink® engagement servers, decoys, and deceptions, the ThreatStrikeTM endpoint deception suite, ThreatPathTM for attack path visibility, ThreatOpsTM incident response orchestration playbooks, and the Attivo Central Manager (ACM), which together create a comprehensive early detection and active defense against cyber threats. WHY CUSTOMERS CHOOSE THREAT DECEPTION

• EARLY WARNING SYSTEM
• ACTIONABLE ALERTS
• EASY TO DEPLOY
• LOW MAINTENANCE
• STRENGTHENS DEFENSES

DETECT KNOW & UNKNOWN ATTACKS Not reliant on signatures or pattern matching, the Attivo ThreatDefend solution accurately detects in-network reconnaissance, credential theft, Man-in-the-Middle attacks, and lateral movement of threats that other security controls miss. EARLY & ACCURATE DETECTION Threat deception provides early detection of external, insider, and 3rd party attacks. Achieve real-time threat detection of reconnaissance and credential theft activities as attackers are deceived into engaging with decoys, deception lures, and bait designed to entice hackers into revealing themselves. NO ALERT FATIGUE FROM FALSE POSITIVES High-fidelity alerts are raised based upon attacker decoy engagement or deception credential reuse. Each alert is substantiated with rich threat intelligence and is actionable, removing false positive and noisy alerts that distract from the prompt incident response of real threats. NOT RESOURCE INTENSIVE Easy to deploy and operate, the Attivo solution is design to be low maintenance. Deployment is in hours and doesn’t require highly skilled employees or in-depth resources for ongoing operations. Machine learning, automated analysis, and incident response empower quick remediation. CAMOUFLAGE Realistic deception is key to deceiving attackers into engaging. Dynamic deception provides authenticity and deception campaigns for self-learning deployment and refresh. Authenticity

• Customized using real OS and services to production assets
• Credential validation with Active Directory
• High-interaction engagement

Machine-Learning

• Self-learning of the environment generates deception campaigns
• Campaigns can be deployed on demand for environment refresh
• Allows automated refresh to spin up deception or avoid fingerprinting

Easy Operations

• Simplify deployment with automated campaign proposals
• Easy operations with automated refresh
• Choice of on demand or automated campaign deployment

FEATURES ThreatDefend is a comprehensive, scalable detection platform designed for the early detection of external threat actors and insiders (employees, suppliers, contractors) and for accelerating incident response. IN-NETWORK THREAT DETECTION Early endpoint, network, application, and data post-compromise threat detection. ATTACK SURFACE SCALABILITY Deception for evolving attack surface: data centers, cloud, user networks, remote office, specialty networks. EASY DEPLOYMENT & OPERATIONS Flexible deployment options and machine-learning for ongoing campaign authenticity and refresh. SUBSTANTIATED ALERTS & FORENSICS Actionable alerts from attacker engagement or credential reuse. Full forensics for actionable response. ATTACK ANALYSIS Automated attack analysis and correlation improves time-to-remediation. THREAT INTELLIGENCE High interaction attacker engagement and DecoyDocs produce threat, adversary, and counterintelligence. ACCELERATED INCIDENT RESPONSE Extensive 3rd party automations accelerate incident response to block, isolate, and threat hunt. ATTACK PATH VULNERABILITY ASSESSMENT Understand attack path vulnerabilities based on exposed credentials and misconfigurations. VISIBILITY & ATTACK MAPS Topographical maps for network visualization and time-lapsed attack replay.

Our deception technology is designed with one purpose in mind – to stop attackers from breaching your system and causing damage. Our local threat intelligence feeds help to keep attackers out of your network. CyberTrap offers comfortable, stress-free 24/7 protection while gathering vital intelligence on attacker activities and intent.

• Local threat intelligence feeds
• Insight on attacker activities
• No false positives

Managed services Our deception as a managed service has been previously accessible only to large companies. For the first time midsize companies can benefit from deception security in a convenient subscription model that won’t stretch their budget or resources.

• No capital investment
• No need to hire experts
• No overhead costs

Supported services Large enterprises and government agencies are vulnerable to persistent attacks. Such organizations usually have an internal security team which can be supported by CyberTrap. We provide training and assistance to help kickstart your deception operation.

• Easy integration with existing security stack
• All the necessary training provided
• Fast and reliable customer support

CyberTrap is the solution for your Company Implementing an extra layer of deception security is the right move for any organization storing valuable, highly sensitive data which hackers desire.

• Government & law enforcement agencies
• Banking, financial services & insurance (BFSI)
• IT, telecom & technology
• Utilities & and national critical infrastructure (CNI)
• Production plants & manufacturing
• E-commerce & retail chains
• Healthcare companies

 

• Get reliable detection.MazeRunner leads attackers away from real targets and creates a footprint of the attack
• Investigation Forensic.Improve incident response.MazeRunner provides rich forensic data and insights, such as the source of the attack and tools used by the attacker
• Real Alerts.Focus on real alerts.MazeRunner generates real, reliable alerts
• Mitigation. Quarantine and block attackers. MazeRunner gathers attack information and integrates with existing tools in the organization to quarantine and block attackers

Fidelis Elevate™

• Automate Detection
• Automate Response
• Prevent Data Theft

Elevate Security Operations Even with many prevention tools in place, organizations are still getting breached. That's why more organizations are shifting from a prevention-focused approach to a detection and response strategy. Fidelis Elevate is the only security operations platform that provides deep visibility, threat intelligence and context across complex environments to automate detection and response. A Force Multiplier for Your Security Operations Fidelis Elevate™ integrates network visibility, data loss prevention, deception, and endpoint detection and response into one unified solution. Now your security team can focus on the most urgent threats and protect sensitive data rather than spending time validating and triaging thousands of alerts. Enhance Your Visibility and Detection Capabilities

• Enrich alerts with data and context from Fidelis Network®, Fidelis Endpoint®, and Fidelis Deception™ – all in a unified platform
• Combine threat intelligence, sandboxing, machine learning, deception, and Fidelis research
• Capture and store metadata for analysis and threat hunting

Automate Response for Quick and Effective Resolution

• Draw conclusions with accuracy by automatically collapsing many alerts and events into a single view
• Automatically validate network alerts on the endpoint with certainty
• Raise the priority level when evidence is found of increased risk
• Automatically execute a response playbook to jumpstart your investigation with clarity
• Stop data leakage, command and control, and active attacks

Ensure Best-of-Breed Breach Detection and Network DLP Fidelis Network® provides deep visibility – across sessions, packets, and content – and automatically validates, correlates, and consolidates network alerts against every endpoint in your network for fast response. Automate Endpoint Detection and Response Fidelis Endpoint® increases endpoint visibility, reduces response time from hours to minutes and enhances endpoint protection.
Detect Post-Breach Attacks With an Active Deception Defense Fidelis Deception™ automatically profiles networks and assets to create deception layers that are as realistic as possible to detect post-breach attacks. Fidelis Network Module Leverage Curated Threat Intelligence for More Accurate Detection Fidelis Insight™ analyzes real-time and historical data, so you can rapidly detect and respond to threats in your environment, even when they happened in the past.

Reveal Application Flows Across the Infrastructure

• Automatically discover applications and flows
• Quickly understand application behavior
• Granular visibility down to the process level

Segment with a Powerful Policy Engine

• Define segmentation policies in minutes
• Automatic policy recommendations
• Consistent policy expression across any environment

Detect Threats Faster and Simplify Response

• Multiple detection methods cover all types of threats
• Dynamic deception immediately traps attackers
• High quality, in-context security incidents with mitigation recommendations to speed incident response

Protection For Your Entire Infrastructure, Built and Proven for Cloud Scale

• Hybrid Cloud. Workload protection in hybrid cloud environments that span on-premises workloads, VMs, containers and deployments in public cloud IaaS including AWS, Azure and GCP.
• Simplify Security. Simplify security management with one platform that provides flow visibility, micro-segmentation, threat detection and incident response.
• Enterprise Scalability. Scalable to meet the performance and security requirements of any sized environment

Stop Advanced Cyber Threats With Deception Technology By deploying hundreds of unique deception tripwires, IllusionBLACK maximises attack detection through the kill-chain, even against stealthy, targeted campaigns that don’t involve malware. From targeted threat intelligence of an impending attack, to detecting lateral movement in every single subnet, Smokescreen’s deception technology helps turn the tables on apex attackers. Full Kill-Chain Coverage IllusionBLACK decoys detect pre-attack reconnaissance, spear-phishing attacks, privilege escalation, lateral movement and data-theft. Deep Network Visibility Instantly deploy 100's of individually unique, customisable traps across all your endpoints and in every single subnet of your network. Attack Vector Agnostic Deception does not rely on static signatures or heuristics to identify attacks, so it stays effective no matter what the bad guys try tomorrow. IllusionBLACK detects threats no matter what they attack It has advanced 3rd generation deception features, including…

• MirageMaker™. Realistic auto-created decoy data fills deceptive assets with always unique, instantly changing content.
• ThreatParse™. Natural language attack reconstruction parses raw attack data into plain-English attack analysis.
• Automated triage. Agentless investigation of compromised endpoints to reduce root cause analysis time and capture volatile forensic information.
• WebDeflect™. Integrate deception into any web or mobile application to guard against business logic attacks.
• ThreatDeflect™. Redirect attacks to decoy cloud environments to keep attackers engaged while containment kicks in.
• Forensic preservation. All evidence recorded and preserved for further analysis in industry standard formats.
• Smart Integrations. Logic-driven automatic response and orchestration to execute response strategies at wire-speed.
• Hardened BSD UNIX base. Rock-solid security built for highly-targeted environments, coupled with BSD UNIX's legendary reliability.
• Threat intelligence export. Machine consumable through STIX, JSON and CSV, as well as integrations with other security infrastructure.

Strengthen your resistance and—when attackers get in—cut them off before they reach your critical assets. Rapid, Sustainable Reduction of Cyber Attack Risk Protection from Targeted Attacks The Illusive platform is purpose-built to counter the methods of advanced attackers—while also alleviating burden on security teams. Illusive’s featherweight solution helps you:

• Understand your attack risk posture
• Harden the environment
• Detect attackers early
• Resolve incidents before attackers succeed

See Your World as an Attacker Would Attackers want to know how they can advance from one system to another and where to find your coveted crown jewels. Attacker View maps your network as the attacker wants to see it—putting you steps ahead. Illusive’s Risk Dashboard analyzes how susceptible you are to a targeted attack and helps you improve the protective power of your deception environment.

The TrapX DeceptionGrid platform protects your valuable assets against a multitude of attacks including malicious insiders and sophisticated cybercriminals. The Deception Product of Choice DeceptionGrid’s depth and breadth of deception capability is unmatched. Our powerful architecture presents the deception attack surfaces that best match attacker activity. Learn more below. Console with Attack Visualization New expanded visualization enables the security operations team to rapidly understand the activities of the attacker over time, from the originating intrusion to the assets they are engaging with, to the final containment. Attacker ID New attack identification automatically determines if an attack is being conducted by a human attacker, or automated attack tools, giving security teams a better understanding of the attack and subsequent containment methods. Automated Provisioning  Automated Provision of Deception Components. DeceptionGrid scans your existing network and provisions hundreds-to-thousands of deception components including Tokens (lures) and Traps (decoys). Deception Tokens Deception Tokens (lures) appear as ordinary files, scripts and databases, are embedded within real IT assets to bait and divert attackers. Active Traps New active traps functionality creates a stream of false network traffic between deployed traps to confuse and divert attackers that monitor the network traffic. Emulated Traps Medium Interaction Emulated Traps Our patented emulated traps can be deployed at the largest enterprise scale through automation. You can select from a wide variety of servers, databases, workstations, switches, routers and more. Industry Templates The patented medium interaction traps now include expanded templates for specialized devices based on industries. These templates include, ATM’s and SWIFT assets for financial services, or Point of Sale (PoS) devices for retail, as well as devices for medical, manufacturing and many more, allowing customers to determine if attackers are targeting specialized devices that are often vulnerable to attack. FullOS Traps High Interaction (Full Operating System) Traps DeceptionGrid enables the provision of full operating system (fullOS) traps. Our medium interaction traps automatically extend engaged attackers through our smart deception to our fullOS decoys for the deepest attacker diversion and engagement. FullOS traps also enable customers to clone existing assets – you can completely replicate actual production servers to further deceive attackers.