How does CYBERTRAP work?

CYBERTRAP delivers bait (or lures) to endpoints that attackers normally use to move around the network unnoticed. Since the bait is customised for the network, attackers cannot distinguish it from actual network elements. As soon as attackers use one of these kinds of lures and follow it, they are forwarded to a secure environment (decoys) where they’re unable to do any damage.

Attackchain showcasing how CYBERTRAP could prevent damage in case of a cyber attack

Why do customers use CYBERTRAP


Security from Europe


Early intrusion detection


Undetectable to attackers


Reduces the number of false positives


Easy to operate

Threat Intelligence

Individual treat intelligence


Able to handle multiple clients


Forensic data in real time


Deception technology for small and medium-sized enterprises

CYBERTRAP PRO is aimed at small and medium sized companies that do not have the capacity to run a complete deception solution but still need quick intrusion detection. With a simple setup, customers can enjoy an additional level of security without the need for constant manual alarm analysis. Just like a silent alarm, CYBERTRAP PRO silently monitors and und immediately reports if any abnormal activity is detected.

Get in Touch

Small, medium-sized companies


Capacity shortage


Quick intrusion detection

Endpoints 1

up to 900 endpoints


up to 3 decoys


Customised deception for large corporations

CYBERTRAP ENTERPRISE is aimed at large companies and government agencies that are regularly exposed to targeted hacker attacks. It is not at all uncommon for it to take an average of 180 days to detect real attackers and other people with malicious or suspicious intentions.

Here at CYBERTRAP we’ve come up with a better alternative with our Enterprise version and offer you a customised endpoint and web deception solution:
With the integration into a SIEM, we do not deliver IOCs (incidents of compromise), which are always based on known incidents, but proof of compromise. This real-time, customised threat intelligence information in the MITRE/ATT@CK context helps the SOC team focus on the critical alerts and analyse critical events more effectively.

With our customised, European deception technology we control the attacks, meaning we are always one step ahead of the attackers.

Get in Touch





Attack Context



Endpoints 1



for CYBERTRAP Enterprise

Our deception technology can be used as a cloud-based, on-premises, hybrid or multi-tenant hybrid solution.

Cloud C

Choosing this option, everything will be hosted in the cloud and attached via a site-2-site VPN (IPSec) to the customers infrastructure. To achieve deception in the customer’s infrastructure, the CYBERTRAP Lures are rolled out on-premise. The lures will lead a malicious actor to the CYBERTRAP Decoy, which is hosted in the Cloud.

Get in Touch
On Premises C

The hybrid approach still hosts the CYBERTRAP Backend in the Cloud, but places the CYBERTRAP Decoys on-premise. All monitored data on the Decoys will be sent encrypted to the Backend. This has the large benefit that no VPN needs to be configured between the customer’s network and the CYBERTRAP environment.

Get in Touch
Hybrid C

This is the classic “everything on the customer’s side” approach. Both the CYBERTRAP Decoys and the CYBERTRAP Backend will be installed on-premise. Those components will be installed on customer’s systems, the hardware requirements of the installation manual will apply. For installation, customization and maintenance reasons, a remote management interface (preferrably SSH) is required.

Get in Touch
Multi Tenant Hybrid C

The Multitenancy approach fits perfect for Managed Security Service Provider (MSSPs). A customizeable Dashboard provides an overview of all managed customer installations. The Multitenancy Dashboard may reside at CYBERTRAPs Datacenter or on premise.

Get in Touch

“Never interrupt an enemy when he is making a mistake.”
– Napoleon Bonaparte