Introduction

As breaches continue to plague enterprises across the globe, security professionals need to design new strategies to detect and respond to cyberattacks. One of these recently developed methods is utilizing deception technology as a form of cyber defence. Deception technology is used to detect threats inside the network and to entice and entrap attackers into going after decoys and crumbs that don't hold any real data, but rather help alert the security monitoring team to the presence of an intruder.

Benefits of Deception Technology

Deception technology has been gaining traction as a way for organizations to get a view of how attackers are targeting their assets. Because the assets under attack are decoys, it buys time to craft a defensive posture and ensure production systems are well defended. Some of the benefits are:



Reveal In-network Threats

- Attractive decoys
- Credential lures
- Ransomware bait
- Data deception

Early and Accurate Detection

- Lateral movement and credential theft
- Ever-changing threat landscape
- Evolving attack surface
- Internal and external threat actors

Accelerated Incident Response

- Advanced attack analysis
- Substantiated alerts
- Automated incident response
- Threat path visibility and attack visualization

We have an MSSP partnership with the global leader in Deception, Attivo Networks. By leveraging Attivo's deception technology, we deliver state-of-the-art intruder detection and response capability without a heavy capital expenditure at your end. The key elements of our Managed Detection as a Service approach are:

- Understand your business and risk profile
- Identify currently deployed security technologies
- Determine the ideal deployment architecture
- Deploy on-premises components
- Provision cloud configuration and licenses
- Deliver alerts either via our incident management portal or by integrating with your SIEM

The deployment architecture is flexible depending on the number of networks to be covered, types of decoys to be deployed, and level of response that you are looking for. A sample proposed architecture is shown below:

Here, Attivo's ThreatDirect™ on-premises forwarding software is installed at the customer site(s), whereas the Attivo BOTsink is hosted in our SOC and integrated with our SIEM. The features enabled by this model include: detection of inside-network and stolen-credential attacks with rapid remediation; detection and limitation of the impact of ransomware attacks; network visibility; hosted malware and phishing attack analysis; and provision of signatures and tactics, techniques and procedures to ensure attacks are not repeated.







