Or in other words, how do you protect yourself as a company against increasingly sophisticated attacks?
In the case of deception technologies, attackers are deliberately diverted into a specially created IT environment even before they can penetrate further into the company’s actual infrastructure. Within this fictitious environment, it is possible to systematically observe the attackers in order to identify their motivation, methods and, in some cases, even their identity and clients.
This is how hackers operate in the network
During the first stage, the Reconnaissance phase, hackers observe and examine the structure of the network and the layout of the hierarchies. To reach the desired location in the network, they use various tools to expose vulnerabilities or paths.
After the intrusion, in the Credential Dumping and Privilege Escalation phase, hackers move through the network step by step in order to gain greater user rights and thus reach the target of their attack. If they have managed to gain admin rights, they move into the Gaining Access phase, and it becomes even more difficult to identify lateral movements between devices and apps, as it looks like normal network traffic.
Artifacts (such as logs, timestamps, registry entries, etc.) serve as forensic evidence of possible intrusions into a network. However, this information is based on knowledge and changes constantly because attackers are continuously altering their techniques, tactics, and procedures.
Attackers invariably use deception techniques, so why shouldn’t defenders?
Why Deception instead of Honeypots?
IT security is an ongoing responsibility and should not be viewed as a one-time investment. The field is in constant evolution. Hackers are continuously finding new ways to break into systems or exploit new security vulnerabilities. Just as you take a car in for regular service, occasionally buying new tires or replacing worn parts, an IT network requires ongoing maintenance. Honeypots were created to draw hackers into an area they otherwise would not have been interested in. Very few people fall for that anymore. The goal nowadays is not to attract hackers with these “honeypots”, but to remain as inconspicuous as possible. Only deception can achieve that.
How Deception also protects your data
The extent (or lack thereof) to which popular hardware and software in IT security are actually used to defend against attackers is well illustrated in the so-called “Pyramid of an Attacker’s Pain” (David J. Bianco, Mandiant/FireEye). It shows that the challenge for hackers increases from the lower layers, such as anti-malware and firewall systems, to the top.
At the top of the list is the MITRE ATT&CK Framework®, designed to better identify attacker behavior in the event of a breach. To learn more about how our deception technology maps to this framework, and what recommendations it provides, read the article on Deception Stories.
You can also read more about the “Pyramid of the Attacker’s Pain” from our cybersecurity experts in this blog article.
Towards better security in 3 steps
Perform a cost-benefit analysis
Most security insurers have excluded hacker damage from their coverage and no longer pay out on such claims. Just how much money can deception technology really save? We answer these questions and more in our guide: How do I explain the value of Deception technology to my CFO?
Schedule deployment
It only takes a few hours until the solution is ready for use. You schedule the most convenient time with our sales department.
You then decide whether your IT department should take care of the ongoing support or whether to outsource this task to us until the appropriate know-how is available internally.
Lock hackers out
Once the attackers have entered the deception environment, there is no direct way back into the production system. Through so-called threat intelligence, we can draw conclusions as to what the target of the attack was and how the attackers breached the system.
Which Deception solution is right for my business?
We currently offer three different packages, each of which you can either manage yourself after a short training session or book with an optional managed service.
State-of-the-art security technology is particularly suitable for banking, finance, pharmaceutical and industrial companies. But even SMEs, which often lack IT expertise altogether, find themselves increasingly at the mercy of the growing number of hacker attacks. Unfortunately, so-called herd immunity does not work against targeted or random attacks.
Endpoint Deception
Even if specific devices on the network are compromised, the rest of the infrastructure is protected. The decoys are custom-designed and tailored for your network so that an attacker cannot differentiate them from the actual network elements. Once trapped on the decoy there is no way back to the production network.
Active Directory Deception
By gaining access to an Active Directory, attackers aim to hide from security teams and their tools. Unknowingly, they obtain fake credentials. Unnoticed, they scan the entire Active Directory and search for admin users. Our solution sends back such data, detects the attack and thus redirects the attackers.
Web Application Deception
We place autonomous lures at strategic positions of your web applications. These lures refer to a deceptive trap system (decoy), on which the attacker can run riot and do no harm. In the process, a digital profile of the attacker is created and made available to other systems.
Why choose Cybertrap?
“Cyber Security made in Europe”
Our deception technology can evaluate attacks automatically and correlate events that at first glance appear to be unrelated.
As a result, both the response time and the number of time-consuming false alarms are reduced significantly, thus decreasing the workload faced by the responsible IT administrators in the company.
Your contact person
Carsten Keil
“With CYBERTRAP, our goal is to beat any attackers at their own game and thus offer companies greater security with minimal effort.”
“Never interrupt your enemy while he is making a mistake.”
– Napoleon Bonaparte
Why deception?
Attackers use deception techniques to their advantage. This includes everything from fake e-mails to stolen access data, and they use it to trick organizations into downloading malware or giving them access to valuable data.
The point of deception technology is to turn the tables on attackers. By basically turning any endpoint into a trap, it enables companies to use deception technology as part of their cybersecurity strategy to actively defend corporate data against unauthorized access.
Deception is not a honeypot
One of the biggest challenges is the misconception that deception is synonymous with a honeypot. Many people immediately think of honeypots (which, by the way, have been around for 25 years) when they hear “Deception”. The assumption is wrong.
Unlike honeypots, deception technology (like CYBERTRAP) redirects the attacker to a monitored environment where no damage can be done. It also uses threat analysis providing better information and forensic data for faster response.
We cannot continue to take a reactive approach to security and expect it to work against the enemies that are out there today. (F. Weber, CYBERTRAP)
Nearly all security technologies are based on a reactive mindset, which means attackers always have the benefit of moving first. They take advantage of this, and they are always one step ahead of us. Security is catching up, but we cannot catch up fast enough.
FAQ Deception Technology
What is the difference between Deception and Honeypot?
Until some time ago, honeypots were state-of-the-art methods for detecting whether an attacker had attacked the honeypot. However, cybercriminals and IT security have evolved, and it is no longer enough to know if someone has touched a honeypot. Honeypots are no longer up to date enough to answer the most urgent questions: who is in my network and why, where does he come from, where does he want to go, and above all, how long has he been here? This is where Deception technology comes into play.
To analyze the attack, you first need to know what you are looking for in your sea of data. This is not so much a big data problem as an analysis problem. It is the search for the needle in the haystack.
What is the MITRE Shield?
MITRE Shield is a free knowledge base for proactive defense techniques. It currently consists of 33 different controls or methods for protection against attacks, and 27 of the 33 controls are Deception. CyberTRAP covers well over 80% of the MITRE Shield framework, and this is a very strong signal to the world of the importance of using CyberTRAP Deception technology.
How do cybercriminals respond to a network attack?
The easiest way would be to ask the attacker. He could answer these questions very quickly. Alternatively, it would be practical to simply look over his shoulder while he is working. Then the needle in the haystack would present itself on a silver platter.
What do attackers often look for in the corporate network?
RDP credentials, hidden shares, PuTTY credentials, credentials in scripts, browser history
What is Threat Intelligence?
The definition or translation of Threat Intelligence in German would be “Wissen über Bedrohungen” (“knowledge about threats”). It describes the collection of all security-related information sources. Internal and external sources (e.g. via service providers) can be used for this purpose. Timeliness, speed, and the context for your own organization are important.
Where is Threat Intelligence used?
Deception tools like CyberTRAP support security teams by providing contextual and individual threat intelligence in real time. This enables the sysadmin or IT security manager of the attacked company to gain insight into an attack in real time.
What is the Dwell Time?
Dwell time is the time an attacker spends in the network, from initial compromise to detection.
What is the average Dwell Time?
Statistics vary widely (source of reports, industry, country, etc.) and range up to 206 days. Tracing the initial compromise is very difficult to impossible. In connection with the Shitrix vulnerability, many attackers were undetected on the network for over 6 months before the ransomware was activated.
How can the Dwell Time be reduced?
Deception helps to reduce this time by 90 to 97%. Using individual bait and diversionary tactics, the company is alerted at the first attempt at lateral movement.
What is the Response Gap?
The time between detection of a security incident and the countermeasures taken is called the “response gap”. The larger the response gap, the more severe the consequences.
How can the response gap be reduced?
Deception tools such as CyberTRAP can significantly reduce the time required. The security team is supported and relieved by providing context-related and individual threat intelligence in an ongoing attack. Based on the insights gained, targeted and prioritized countermeasures can be taken.
Deception – What is that?
When you look at IT security, attackers and defenders alike use a variety of Deception technologies and methods, such as phishing, scamming and social engineering on the one hand, and honey/user tokens and honeypots on the other. Deception literally means to deceive someone.