ENDPOINT DECEPTION

for CYBERTRAP Pro & CYBERTRAP Enterprise

CYBERTRAP places hidden lures on endpoints that divert attackers away from the production network and lead them to our deception environment. Even if endpoints are compromised, the company infrastructure is still protected. Lures are designed and customised for your network so that an attacker cannot distinguish them from the actual network elements. The deception environment consists of monitored decoys that mirror the servers in the production network.

We are able to monitor the behaviour and track the movements of attackers. By doing so, we generate valuable threat intelligence data that can be accessed via the dashboard or through automated risk management reports. This data is also exported to SOC/SIEM systems, antivirus software and firewalls in order to strengthen the security measures in the production network. This individual threat intelligence, provided in real time and in the MITRE ATT&CK context, helps the SOC team to focus on critical alerts and thus analyse critical events more effectively. With our custom-made, European deception technology, we control such attacks and are therefore always one step ahead of the attackers.


WEB APPLICATION DECEPTION

for CYBERTRAP Enterprise

We place autonomous lures at strategic positions of your web application services. These lures are invisible to normal users, but are quickly found during a targeted attack. They are directly linked to monitored decoys in your deception environment – whenever attackers connect to one of these decoys, we’re able to monitor their behaviour and track their movements.

As with Endpoint Deception, Web Application Deception generates valuable threat intelligence data that can be accessed via the dashboard or through automated risk management reports. This data is also exported to SOC/SIEM systems, antivirus software and firewalls in order to strengthen the security measures in the production network.


ACTIVE DIRECTORY DECEPTION

for CYBERTRAP Enterprise & CYBERTRAP Pro

Active Directory (AD) is a standard tool used by most organisations to control access of users and computers to company servers and applications. Each computer on the corporate network must therefore have some access to AD in order for the network environment to function properly.

Attackers use phishing, man-in-the-middle and other techniques to gain the permissions they need to break into a network. Once inside the system, they often use attack tools such as BloodHound to map the entire AD environment. Through this reconnaissance, attackers can identify the valuable resources, systems and privileged user accounts they need to achieve their goals and create an attack plan. By accessing the AD, attackers hope to hide from the security teams and their tools, for example by using existing credentials or creating their own domains.

If an attacker uses the BloodHound tool to scan AD for admin accounts, he will get back false information. This immediately sets off an alarm and the security team knows that someone is searching for AD admin accounts without authorisation. If the attacker uses the false information to move around the network, he is immediately redirected to a secure deception environment where he can be monitored. While this is taking place, we record the tactics, techniques and procedures used by the attackers, which in turn are used by the security team to strengthen the security measures in the production network to prevent further attacks.


“Never interrupt an enemy when he is making a mistake.”
– Napoleon Bonaparte