CounterCraft’s Cyber Deception Platform is a full spectrum deception solution that takes the design, deployment and management of deception to the next level with real-time attack detection and targeted, actionable threat intelligence directly applicable to the host network. This solution has a full REST API.
We saw a ton of changes CounterCraft has made over the last year, one of which was moving the focus of their company towards more of an international partner network. CounterCraft adds value to deception within threat hunting to bridge the detection gap. Deception is spread outside of the corporate environment with breadcrumbs placed where attackers are going to hunt for information. These locations are spattered with fake information that will lead attackers into the deception environment.
The solution builds and deploys a synthetic environment with design campaigns and assets to attract attackers. It monitors real-time events with zero false-positive alerts, and can run multiple campaigns in parallel. A series of deception hosts with deception surfaces exist within the campaigns.
Key outcomes of the deception include detecting advanced attackers, looking at all the stages of the attack phase, controlling attacks and controlling the attacker once detection occurs. A cloaked kernel-level agent reports everything back with real-time advance while influencing the attacker to prolong interaction. Adversarial investigation helps prioritize decisions and actions.
The several updates made this year include detailed deception environments, fully instrumented WiFi routers and portal apps. The solution can take log data from Microsoft and Google as well. One capability that stood out among the many additions is an anti-phishing feature that feeds fake credentials to attackers to lead them to a fake environment to determine what information they are seeking.
In the web console, the Adversary Attack Graph shows a deception path, a small portion of an attack tree. Adversaries are baited with breadcrumbs leading to the web portal, which invites a brute-force attack. Exfiltrated documents with honeytokens are contained here. Exfiltrating and opening the documents triggers an alert. The deception documents lead to credentials within another box and a fork in the road for the attacker. If attackers leverage credential dumping, a cookie is loaded into the box and them to make another lateral movement, which takes them to a mobile app where a security team obtain a of the attacker, including GPS coordinates.
CounterCraft takes pride in developing its product in accordance with the feedback it receives, basing changes on user stories and customer research to ensure the product is both functional and looks good. An extensively detailed QA process boosts customer assurance. This level of ownership and integrity can be seen throughout the CounterCraft Cyber Deception Platform. Contact vendor for pricing details. Support offerings include a global partner network for local support and deception consultancy. Professional services for custom deception assets and campaign design are additionally offered.
Tested by: Matthew Hreben