Managed Deception and Counterintelligence

Use CounterCraft’s automated Cyber Deception technology to detect attacks early - even pre-breach; collect real-time threat intelligence specific to your organization; and proactively protect your organization by adapting your defenses to stop attacks.

We use social engineering techniques against the attackers. Technical discovery information will be placed where it can be found by a threat actor searching for your organization’s external infrastructure.

The deception buffer zone infrastructure will be hosted on cloud infrastructure. In the deception buffer zone, external services will provide the attackers with a credible target.

When an attacker interacts with the deception buffer zone, an alert is immediately sent from our console and threat intelligence collection starts.

The deliverables are actionable threat intelligence data with enrichments in the form of TTPs (MITRE ATT&CK) and IoCs including IP addresses, and credentials used by threat actors. The threat intel data can be sent to external security tools such as MISP, a SIEM or SOAR platforms.

The goal of the Pre-breach Intelligence Service is to deflect attacks away from the external infrastructure of the organization by deploying a deception buffer zone. The service will deliver real time intelligence that will be used to harden your infrastructure.

CounterCraft infrastructure

Deploy: deploy the assets associated with the service. This includes the creation of the attack vector discovery assets (breadcrumbs), any associated IT assets, and full configuration and deployment of the campaign.

Discover: the threat actors follow a prepared breadcrumb trail to discover and attack external facing services, hosted on your behalf.

Detect: detect when the threat actors are conducting reconnaissance on the deception buffer zone and you will be alerted immediately.

Collect Intel: the platform continues to collect intel in real-time on how the threat actors discovered your infrastructure, and what techniques, tools and procedures they are using to attack. You will be able to access all this information through an easy-to-understand dashboard.

Proactively Protect: make it actionable. Integrate the intelligence gathered with your security infrastructure: e.g. SIEM, SOAR, and TIPs.

Our products

Vendors

Sourcefire, Niksun, Netwrix, Redsocks, Rapid 7, Unomaly, Logpoint, Isight Partners

For more information, call our security consultants at +31 (0) 345 506 105 or send an email to info@isoc24.com