Our blog is a playground with fresh ideas about security and our approach.

1 Jun

Attack Trees in Deception Campaigns


The concept of attack trees or attack paths and how to increase the cost for the attacker in time and resources (not always monetary) has been discussed many times and it is still considered a good approach in any modern security strategy. Bruce Schneier explained the concept in the Dr. Dobb’s Journal in 1999K Leveraging an attack tree model is not only an important step towards formalizing our understanding of attacks, but also a means to understanding our defense.

27 May

How to Effectively Use MITRE ATT&CK and Deception Campaigns to Engage with Threat Actors


The growing popularity of MITRE ATT&CK is a good indication that finally, we have a common language to describe the tools, techniques and procedures (TTPs) that threat actors are using in their daily operations. At CounterCraft, we have been firm believers in MITRE ATT&CK; we first added support for the first versions of the ATT&CK Matrix in our Deception Director product at the end of 2018, and now we are rolling out all the new subtechniques.

18 May

Data Protection for the Healthcare Sector and Laboratories


In a post COVID-19 world the security landscape of many organisations has been radically realigned. In particular, the healthcare sector was facing significant challenges prior to the pandemic, so the current situation has only added to the security burdens they face. During the course of 2018-2019 the sector suffered a number of significant data breaches. The question most CISOs face is how they can radically improve the security controls in an environment where they, above all sectors, will probably face a greater number of attacks from a diverse range of threat actors.

7 May

Remote Access & VPN Risks in the New Cybersecurity Scenario


With most employees working from home amid today’s COVID-19 outbreak, VPN and remote access to enterprise resources have drastically increased. This is a huge challenge for the IT and security departments as many security experts believe that the current VPN deployments are designed for a small percentage of employees of the organizations and not for the overwhelming number of teleworkers who now need to access them repeatedly throughout the workday. Many of these users can be tempted out of VPN access due to the associated slowing down or dropping of the connection, or the availability of unpatched desktop and laptop computers, and other non compatible devices where no VPN client is available.

28 Apr

How to Use Cyber Deception Technology to Block Targeted Phishing Campaigns


In these uncertain times, CISOs are having to deal with an entirely new security profile for their organisations. The ability to control every security facet on end users’ machines has been loosened considerably. So, the challenge is: how can a CISO realign their security strategy to deal with the altered risk profile they face? Let’s use spear phishing as a simple example to illustrate the point of how old threats present a different challenge regarding the new operating environment.

16 Apr

Proactive cybersecurity during COVID-19 and beyond


We are currently in the midst of a global crisis produced by the coronavirus pandemic and the world as we know will probably change. In times of crisis, cybersecurity is increasingly relevant and we need to pay extra attention to the rise in cybersecurity attacks perpetrated by different adversaries, such as cybercriminals or nation-state sponsored groups, as they look to capitalise on the situation. All verticals are affected, but the manufacturing, pharmaceutical, travel, healthcare, and insurance industries now seem to be the main target.

3 Apr

Threat Intelligence: Do You Have All You Need? Do You Need All You Have?


We’re going through difficult times, in which a pandemic is hitting the world incredibly hard. Although it’s not the highest concern at the moment, we must consider the economic consequences this outbreak will bring, and its effects on the cybersecurity sector. One thing to consider is the fact that there are still security incidents occurring, with attackers taking advantage of the current health and economic crisis. In addition, most companies have moved to remote formats and teleworking presents the need to implement security measures previously not needed and reinforce existing measures.

11 Mar

CounterCraft unveils unrivalled enterprise cyber deception capabilities at RSA Conference 2020


We’re back on terra firma at our offices in San Sebastian and London after our fourth year participating in RSA Conference San Francisco where we unveiled version 2.6 of our award-winning Cyber Deception Platform. And what a way to welcome 2020! Revolutionary new features and functionality included in this latest release enter us into the top league of cyber deception vendors. We closed 2019 on a high with 60% reported growth in sales bookings and are set to continue on the same upward trajectory this year as we execute plans to expand beyond the European and UK markets, to the US.

12 Feb

CounterCraft peaks on the maturity curve with version 2.6


CounterCraft 2.6, is here, and as we throw ourselves into our fourth visit to San Francisco’s Moscone Centre in a few weeks, we can’t think of a better way to embark on this new decade. Generating more and more attention the world over, deception technology is set to influence a new generation of threat intelligence and is now recognized as a pillar of innovation in cybersecurity by the likes of Gartner.

20 Jan

PwC and CounterCraft Sign a Global Strategic Collaboration Agreement


A new year has just begun, and already there’s reason to celebrate: CounterCraft and PwC, leading cybersecurity companies, recently reached a global strategic collaboration agreement. PwC will provide digital counterintelligence consulting services and the CounterCraft Cyber Deception solution to large international companies. Through this alliance, PwC reinforces its cybersecurity services portfolio and CounterCraft strengthens its international presence for the next few years. With the increase and evolution of cybercrimes worldwide, deception technology has become a groundbreaking cybersecurity approach for organisations.

Page 1 of 8