CounterCraft helps organizations strengthen their security posture with the CounterCraft Cyber Deception Platform, which fits into existing security strategies and delivers high-end deception for threat hunting and threat detection using controlled, credible synthetic environments.
CounterCraft accelerates threat detection earlier in the attack lifecycle and provides evidence of malicious activity and modus operandi. It already protects leading organizations in the financial, trade and government sectors, as well as law enforcement agencies. The CounterCraft Cyber Deception Platform delivers alerts (according to the vendor with zero false positives) and automates cyber deception campaigns across a range of digital assets to strengthen overall security posture.
CounterCraft's solution provides:
- CounterCraft Cloud™ VPN threat intelligence service - Protects remote workers by deflecting attacks away from VPN infrastructure.
- CounterCraft Cloud™ Ransomware threat intelligence service - Mitigates the threat of ransomware by detecting the initial stages of targeted ransomware attacks.
- CounterCraft Cloud™ Pre-Breach threat intelligence service - Protects an online presence by detecting, analysing and mitigating pre-breach activity targeting the organization.
- CounterCraft Cloud™ Spear Phishing threat intelligence service - Mitigates the risk of spear phishing attacks penetrating the organization.
CounterCraft's components consist of:
ActiveLures
Custom or template-based CounterCraft breadcrumb technology that can be deployed across multiple endpoints, servers or even on internet-based platforms such as PasteBin, GitHub and Shodan. Both passive and active breadcrumbs are available, and they can be tailored to attract exactly the adversary you are targeting. The main job of the ActiveLures is to attract adversaries into the CounterCraft ActiveSense Environments.
ActiveSense Environments are the core of the CounterCraft deployment. They contain real machines and real services that provide a credible environment to deflect and monitor the adversary. ActiveSense Environments are deployed and controlled from the CounterCraft Platform. A range of host types and services are available, out of the box, to create an environment that is credible and makes the adversary think they have struck gold. ActiveSense Environments combine the detailed telemetry collected by the DeepSense agents and the command and control capability of the CounterCraft ActiveLink network to provide a full, deep-sensing environment to collect and deliver all adversary activity in real time.
The CounterCraft DeepSense agent gathers telemetry unseen and undetected. A fully cloaked agent gathers all adversary activity on the deception host and sends it back to the CounterCraft ActiveConsole via the ActiveLink command and control network.
ActiveBehavior
ActiveBehavior is a human interaction simulation tool that keeps a deception environment looking authentic without lifting a finger by automating the process of logging in and performing “typical” user activities, or basic SysAdmin tasks.
ActiveLink
ActiveLink delivers detailed telemetry on adversary behavior undetected and in real-time. ActiveLink provides a full command and control network for the ActiveSense Environment. It allows completely cloaked exfiltration of DeepSense telemetry and also allows real-time control over hosts, services and breadcrumbs for instant response to adversary activity. ActiveLink also allows the system to be deployed across a wide range of complex networks.
The Deception Director is the heart of the CounterCraft Platform. The web-based console provides full design, deployment, and management functionality for all of the components, from ActiveLures deployment to automatic responses to detected adversary activity. The Deception Director can be hosted locally or remotely and provides a powerful tool for analysis, alerting and active defense deployment.
The CounterCraft Platform integrates with other tools and platforms to share threat intelligence or incident data. CounterCraft integrations include SIEM, SOAR, intel sharing platforms and messaging services. Where no pre-existing integration exists, a fully documented RESTful API is available to support new integrations.