Presenting: IllusionBLACK Deception Defense Platform by Smokescreen
When is This Product Useful?
IllusionBLACK’s detection and response platform is essential when your company is the target of one of the following attacks:
How Does it Work?
IllusionBLACK creates decoys (fake systems) on the network that look like real servers hosting services: databases, web servers, applications, file shares, etc. These decoys are deployed alongside your real assets in your datacenter.
The platform also creates fake credentials, cookies, processes and files that serve as lures for attackers and are deployed on your real endpoints. To an attacker who has broken in, the decoys look as real as a legitimate system. The moment they interact with a decoy, a silent alarm is raised while the systems collect information on the attacker's actions and intent.
Automated response actions can be set up through integrations with popular firewalls and EDRs.
| PROBLEM | SOLUTION |
|---|---|
| Low Network Visibility: With complex and vast networks, businesses have very little visibility behind their perimeter. This makes it extremely difficult to detect intrusions. | Network and Endpoint Deception: Decoys and lures placed across the network detect intrusions, giving you unparalleled visibility into malicious activities in your network. |
| Changing Attack Tactics: Apex attackers constantly change their tools and tactics, making signature- and behavior-based detection ineffective. Thus, businesses struggle with detecting APTs, zero-days, and new strains of malware. | Attack Agnostic Detection: Deception technology does not rely on signatures or behavior to detect attacks. Any interaction with a decoy is suspicious, making it effective in detecting attacks irrespective of the tools or tactics used. |
| False Positives: Traditional security solutions generate thousands of alerts, leaving security teams overwhelmed. This leads to event fatigue, data paralysis, and missed alerts. The problem is pervasive. The attack at Target Corp was detected but no one noticed; it was lost in the noise. | Higher Quality Alerts: By design, deception is a low false positive solution. No one knows that decoys exist in the network. Therefore, no legitimate user should be accessing a decoy. As a result, any interaction with a decoy is a high-confidence, high-fidelity indicator of a breach. |
Pros:
Cons: