What is deception?

Or in other words, how do you protect yourself as a company against increasingly sophisticated attacks?

Towards better security in 3 steps

Cybertrap Step 1

Perform a cost-benefit analysis

Most security insurers have excluded hacker damage from their coverage and no longer pay out on such claims. Just how much money can deception technology really save? We answer these questions and more in our guide: How do I explain the value of Deception technology to my CFO?

Cybertrap Step 2

Schedule deployment

It only takes a few hours until the solution is ready for use. You schedule the most convenient time with our sales department.

You then decide whether your IT department should take care of the ongoing support or whether to outsource this task to us until the appropriate know-how is available internally.

Cybertrap Step 3

Lock hackers out

Once the attackers have entered the deception environment, there is no direct way back into the production system. Through so-called threat intelligence, we can draw conclusions as to what the target of the attack was and how the attackers breached the system.

What others say

My opinion is that deception technology is a really underused tech. It provides the benefits of low false positive nature of the signals into the SOC, and for customers who have no SOC or SIEM it would be the best security Euro to spend.

Automotive CISO

In the case of systems that have not been patched to date, it should be assumed that they have been compromised.

Federal Office for Information Security, in a press release about the Microsoft Exchange hack

Attackers have the advantage over defenders. For decades, money, patents, and efforts have done nothing to change the situation. Now, as a result of the SolarWinds hack, we are learning that defenders are, if anything, falling further behind. The top priority must be to reverse this trend so that defenders finally get the upper hand.

Jason Healey, cyber-conflict researcher at Columbia University and former White House security adviser

The dwell time of hackers in productive systems is extremely long. Just imagine what an intruder can do if he remains undetected for 2 months.

IT expert on the SolarWinds hack

Which Deception solution is right for my business?

We currently offer three different packages, each of which you can either manage yourself after a short training session or book with an optional managed service.

State-of-the-art security technology is particularly suitable for banking, finance, pharmaceutical and industrial companies. But even SMEs, which often lack IT expertise altogether, find themselves increasingly at the mercy of the growing number of hacker attacks. Unfortunately, so-called herd immunity does not work against targeted or random attacks.

Endpoint Deception

Even if specific devices on the network are compromised, the rest of the infrastructure is protected. The decoys are custom-designed and tailored for your network so that an attacker cannot differentiate them from the actual network elements. Once trapped on the decoy there is no way back to the production network.


Active Directory Deception

By gaining access to an Active Directory, attackers aim to hide from security teams and their tools. Unnoticed, they scan the entire Active Directory and search for admin users. Unknowingly, they obtain fake credentials: our solution sends back such data, detects the attack and thus redirects the attackers.

Web Application Deception

We place autonomous lures at strategic positions of your web applications. These lures refer to a deceptive trap system (decoy), on which the attacker can run riot and do no harm. In the process, a digital profile of the attacker is created and made available to other systems.

Schedule a callback or access to our demo

Your satisfaction is our top priority. Just leave us a short message and we will get back to you as soon as possible.

Your contact person

Carsten Keil

“With CYBERTRAP, our goal is to beat any attackers at their own game and thus offer companies greater security with minimal effort.”

“Never interrupt your enemy while he is making a mistake.”
– Napoleon Bonaparte

Why deception?

Attackers use deception techniques to their advantage. This includes everything from fake e-mails to stolen access data, and they use it to trick organizations into downloading malware or giving them access to valuable data.

The point of deception technology is to turn the tables on attackers. By basically turning any endpoint into a trap, it enables companies to use deception technology as part of their cybersecurity strategy to actively defend corporate data against unauthorized access.

Deception is not a honeypot

One of the biggest challenges is the misconception that deception is synonymous with a honeypot. Many people immediately think of honeypots (which, by the way, have been around for 25 years) when they hear “Deception”. The assumption is wrong.

Unlike honeypots, deception technology (like CYBERTRAP) redirects the attacker to a monitored environment where no damage can be done. It also uses threat analysis, providing better information and forensic data for faster response.

We cannot continue to take a reactive approach to security and expect it to work against the enemies that are out there today. (F. Weber, CYBERTRAP)

Nearly all security technologies are based on a reactive mindset, which means attackers always have the benefit of moving first. They take advantage of this, and they are always one step ahead of us. Security is catching up, but we cannot catch up fast enough.

FAQ Deception Technology

What is the difference between Deception and Honeypot?

Until some time ago, honeypots were state-of-the-art methods for detecting whether an attacker had attacked the honeypot. However, cybercriminals and IT security have evolved, and it is no longer enough to know if someone has touched a honeypot. Honeypots can no longer answer the most urgent questions: who is in my network and why, where does he come from, where does he want to go, and above all, how long has he been here? This is where Deception technology comes into play.

To analyze the attack, you first need to know what you are looking for in your sea of data. This is not so much a big data problem as an analysis problem. It is the search for the needle in the haystack.

What is the MITRE Shield?

MITRE Shield is a free knowledge base for proactive defense techniques. It currently consists of 33 different controls or methods for protection against attacks, and 27 of the 33 controls are Deception. CyberTRAP covers well over 80% of the MITRE Shield framework, and this is a very strong signal to the world of the importance of using CyberTRAP Deception technology.

How do cybercriminals respond to a network attack?

The easiest way would be to ask the attacker. He could answer these questions very quickly. Alternatively, it would be practical to simply look over his shoulder while he is working. Then the needle in the haystack would present itself on a silver platter.

What do attackers often look for in the corporate network?

RDP credentials, hidden shares, putty credentials, credentials in scripts, browser history

What is Threat Intelligence?

Threat Intelligence would be rendered in German as “Wissen über Bedrohungen” (knowledge about threats). It describes the collection of all security-related information sources. Internal and external sources (e.g. via service providers) can be used for this purpose. Timeliness, speed, and the context for your own organization are important.

Where is Threat Intelligence used?

Deception tools like CyberTRAP support security teams by providing contextual and individual threat intelligence in real time. This enables the sysadmin or IT security manager of the attacked company to gain insight into an attack in real time.

What is the Dwell Time?

The dwell time is the time an attacker spends in the network, from initial compromise to detection.

What is the average Dwell Time?

Statistics vary widely (source of reports, industry, country, etc.) and range up to 206 days. Tracing the initial compromise is very difficult to impossible. In connection with the Shitrix vulnerability, many attackers were undetected on the network for over 6 months before the ransomware was activated.

How can the Dwell Time be reduced?

Deception helps to reduce this time by 90 to 97%. Using individual bait and diversionary tactics, the company is alerted at the first attempt at lateral movement.

What is the Response Gap?

The time between detection of a security incident and the countermeasures taken is called the “response gap”. The larger the response gap, the more severe the consequences.

How can the response gap be reduced?

Deception tools such as CyberTRAP can significantly reduce the time required. The security team is supported and relieved by context-related and individual threat intelligence during an ongoing attack. Based on the insights gained, targeted and prioritized countermeasures can be taken.
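The following is an added illustration, not CYBERTRAP code: it flags any authentication that uses a planted decoy account and then measures dwell time and response gap as defined above. The account names, host names, log format and timestamps are constructed, and the time of initial compromise is assumed to be known from later forensics.

```python
from datetime import datetime

# Constructed decoy accounts planted as bait (assumption, not from the page).
DECOY_ACCOUNTS = {"svc_backup_adm", "da_legacy"}

# Constructed authentication events: timestamp, source host, account, target host.
SAMPLE_EVENTS = """\
2024-03-01T08:12:00 ws-114 j.meier fileserver01
2024-03-01T08:15:30 ws-114 j.meier mail01
2024-03-03T02:41:10 ws-114 svc_backup_adm dc01
2024-03-03T02:44:55 ws-114 da_legacy dc01
2024-03-03T09:00:00 ws-201 a.huber fileserver01
"""

def parse_events(text):
    """Parse whitespace-separated event lines into dicts; skip malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        events.append({"time": ts, "src": parts[1],
                       "account": parts[2].lower(), "dst": parts[3]})
    return events

def decoy_alerts(events, decoys=DECOY_ACCOUNTS):
    """Any use of a decoy account is an alert: no legitimate user knows it."""
    hits = (e for e in events if e["account"] in decoys)
    return sorted(hits, key=lambda e: e["time"])

def dwell_time(initial_compromise, alerts):
    """Dwell time: initial compromise to first detection (None if undetected)."""
    return alerts[0]["time"] - initial_compromise if alerts else None

def response_gap(alerts, countermeasure_time):
    """Response gap: first detection to the countermeasure being taken."""
    return countermeasure_time - alerts[0]["time"] if alerts else None

if __name__ == "__main__":
    alerts = decoy_alerts(parse_events(SAMPLE_EVENTS))
    for a in alerts:
        print(f"ALERT {a['time'].isoformat()} {a['src']} used decoy "
              f"{a['account']} -> {a['dst']}")
    print("dwell time:", dwell_time(datetime(2024, 3, 1, 7, 50), alerts))
    print("response gap:", response_gap(alerts, datetime(2024, 3, 3, 3, 30)))
```

Because the decoy accounts have no legitimate use, the rule needs no baseline or threshold, which is where the low false-positive rate of such signals comes from.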

Deception – What is that?

When you look at IT security, attackers and defenders alike use a variety of Deception technologies and methods: phishing, scamming and social engineering on the one hand, honey/user tokens and honeypots on the other. Deception literally means to deceive someone.
