Use Cases –

The Cyber Deception Platform can be deployed to deliver value to cyber defender teams and organisations across a range of use cases, and to satisfy business imperatives that either apply across sectors or are specific to a particular industry.

Here are just some of the solution areas we can address today –

Organisation Specific Real-Time Threat Intelligence

The platform is deployed in your own organisational environment, alongside or embedded with your production systems estate, generating detailed threat intelligence that can be analysed on the platform or fed directly to SIEM or threat intelligence platforms for correlation and action.

Early Threat Detection

Deception technology and techniques can discover attackers working in the reconnaissance stage of an attack lifecycle, enabling defenders to be aware of potential attacks on the production systems and information assets, allowing them to take preventative action and adjust their cyber defence posture. The platform provides this in real time.

Lateral Movement

The classic stated use case is that of being able to detect lateral movement as part of an attack lifecycle. The platform does this using a combination of deception breadcrumbs and Deception Hosts running services, all controlled by specifically created Deception Logic. Visualisations of the Attack Trees being followed are displayed to analysts and SOC engineers for action.

Automated Cyber Deception Campaigns

To gain deep knowledge of attackers and the Techniques, Tactics and Procedures (TTPs) they are using against you, the platform has a powerful visual Deception Logic that is used to design and orchestrate the deception environment. This shifts the Deception Attack Surface in response to attacker actions as they attempt to move through their attack lifecycle. The result is detailed knowledge of the attackers, whose time is wasted in a synthetic environment rather than on your production assets.

SOC Incident Information Enrichment

Deception information is full of detail that is discovered as an attacker moves through the highly instrumented environment. The platform communicates this to SOC tools such as SIEMs and Threat Intelligence Platforms using protocols including STIX 2.0, MISP and OpenIOC. This can enrich incident information and enable faster resolution.

Cloud, Social & Mobile – Deception for Defence Beyond the Perimeter

Most organisations now extend their production ICT estate and information assets beyond the classical walled garden enterprise. This boundary-less architecture has been engineered into our platform, and the deception environment can co-exist with and mimic that estate at all levels to deliver maximum value.

Financial Systems Threat Insight Through Deception Decoys

Naturally, many financial institutions, including traditional banks and new challenger banks, have been targets for cyber criminals. Whilst some of the ICT used consists of standard enterprise products, protocols and architectures, there are also specialised components, such as those used in SWIFT (the Society for Worldwide Interbank Financial Telecommunication). We have developed a specific solution for such clients.

Cyber Threat Hunting

Organisations with a mature cyber defence capability are now moving to hunting for threats that may be specific to their operations, in an attempt to stay ahead of the attacker. The Cyber Deception Platform provides a broad range of tools that enable hypothesis-led and intelligence-led methodologies to be enacted successfully.

CISO Situational Awareness Enhancement

Getting a full and accurate picture of everything that matters, to enable good and timely decision making, is critical as the complexity and adaptive nature of cyber attackers grow. Using deception technology and methods provides very specific insight into the nature of attacker behaviour, allowing you to plan and act with more confidence.

Attack Surface Modelling & Attacker Mitigation

Adopting cyber deception methods means that the defence team has to fully understand the nature of the production systems estate attack surface and potentially predict the adversaries’ avenue of approach and course of action behaviour. Designing the deception attack surface and Deception Logic using our platform radically improves overall cyber defence.

Cyber Information Sharing for Improved Risk Management

Organisations that are part of collaborating information sharing & analysis centres (ISAO/ISAC) to enhance their collective defence capability can integrate cyber deception into their architectures and utilise the standard APIs and advanced CounterCraft deception API to share TTP information in real-time for improved cyber risk management purposes.

Operational Technology Defensive Cyber Deception

It is not only standard ICT environments that are being targeted; attacks now extend into the industrial sector, where very specialised technology has been used over decades to control processes and machines. Some of this is now moving to the new industrial Internet of Things (IIoT), and all of it provides an attack surface. Our platform provides deception capability in these demanding situations.

GDPR compliance: Adopt Robust Data Breach Detection & Investigation

The GDPR regulation refers to the need to ensure that organisations have robust breach detection and investigation mechanisms. The CounterCraft Cyber Deception Platform enables organisations to enhance their ability to detect the presence of threat actors within their global network, delivers a detailed, targeted threat intelligence stream to aid incident response, and provides insights into what tools, tactics and procedures have been used.

Red Teams, Blue Teams & Deception

As CISOs push forward with assurance approaches to improving their cyber risk exposure and cyber resilience, more use is being made of Red Teaming approaches. Using our Deception Platform in these scenarios, and in cyber ranges, now adds a new dimension to stretch the attack and defence players.