Product: Cyber Deception Platform
Price: Based on application.
Reviewed by: Michael Diehl & Matthew Hreben
What we liked: The company is making strides in Wi-Fi deception and continues to polish this platform.
CounterCraft helps its clients design, deploy, monitor, and maintain deception campaigns involving a wide range of deployable assets. These include decoy computers, false data and fake identities that look like a real IT environment to an attacker. Its solution, Cyber Deception Platform, can detect and stop attacks across a variety of assets, such as servers, mobile phones, web apps, mobile apps and Wi-Fi access points.
Cyber Deception Platform has been designed to provide deceptions that look like legitimate, internal company assets. The likelihood of an attacker inflicting any damage gravitates toward minimal, because the attacker is more likely to encounter a deception, generate an alert, and be detected quickly.
Multitenant support for global business units or multiple managed security service provider (MSSP) clients can be enabled during rollout. Deceptions can then be deployed across on-premises server farms, virtualized environments, endpoints, other network assets, and private and public clouds, including AWS, Microsoft Azure, and DigitalOcean. CounterCraft is aware of how diverse all traps need to appear to the adversary, and the platform features context-aware configuration screens to guide administrators on all aspects of the deception environment.
The core component of the Cyber Deception Platform solution is Deception Director, with its modular architecture, creation and sharing of threat intelligence, and the Deception API Suite. All of the data collected about real-time threat actors and their behavior can be shared in machine-to-machine format to augment other enterprise security systems. When an attack occurs, Deception Director can respond automatically, complemented by its Deception Logic, which provides the conditional rule set that controls the specific actions. The deception environment is then manipulated in response to the attacker. This gives accurate information to the Incident Response team and can be linked to external SIEMs as well.
Sending high-fidelity alerts that eliminate false positives is a common ability in today’s deception network toolset. When an attacker interacts with a deception, the security team receives an alert. These alerts are channeled through the management console, as well as via IM and other messaging platforms. In fact, Cyber Deception Platform monitors activity down to the operating system level, allowing attackers to be tracked in real time while they navigate through the deception environment. The Deception Director constantly receives tactics, techniques, and procedures (TTP) telemetry data, as it is the locus where all data is processed, enriched, and displayed through the console.
One area for improvement is the dashboard, which is a bit underdeveloped. The CounterCraft team said it is actively listening to user feedback and plans on upgrading the interface. Having a visual representation of the data being analyzed is important in any field. But having a live-feed visual model of an attacker’s progress and decision path is especially critical in this space. A real-time granular view of the attacker lets the intrusion be stopped at any time.
Cyber Deception Platform offers in-depth online user guides as well as a fully documented API. CounterCraft usually caters to large enterprises. CounterCraft can offer some custom work, such as accommodating a specific customer use case.