Active Defense

A variety of techniques used to outsmart attackers that allow us to detect, slow down and derail their actions.

Summary

Our objective here is straightforward: we make it so difficult for an attacker to proceed that they simply give up. This happens when an attacker cannot easily find information on a target or, once the perimeter is breached, finds it impossible to locate their ultimate goal. Slowing down or derailing their attack, so they cannot advance or complete their goals, increases the probability that they will make a mistake and expose their presence or reveal their attack vector.

Our Deception Technology confuses the attack surface using attractive bait, breadcrumbs and realistic device decoys to detect an attack early and misdirect the attacker from intended targets. The deception environment tricks the attacker or malware into engaging and then leads them to believe they are escalating their attack when, in fact, they are wasting time and processing power. In reality, they may be providing the defender with counterintelligence.

Benefits

  • Actions taken by us in a deceptive environment can provide counterintelligence which informs all other cyber activities.
  • By misleading the attacker into believing they are escalating an attack, we are in fact gathering forensic information and creating better pen tests, threat hunting, attack analysis, etc.

Process

Our team uses a variety of techniques ranging from honeypots and other deceptive systems to the pollution of online data, automated incident response and limited counterattacks.

The forensic information gathered can then be applied to prevention, isolation and threat hunting defences to stop a live attack, find forensic artifacts and prevent the attack from resurfacing.

TO BE EFFECTIVE YOU HAVE TO UNDERSTAND THE BUSINESS YOU’RE PROTECTING