Hunting the attackers,
not the attacks

Active Defense

Deception Technology

Post-Breach Detection Based on Deception

The latest class of network breaches is challenging the effectiveness of traditional detection and prevention tools and technologies.

It is only a matter of time before motivated threat actors manage to penetrate corporate network and systems. This is why organizations adapt their information risk management strategies from a prevention-based to a post-breach detection, towards achieving and maintaining their cyber resilience.

Gather counter-intelligence pertaining to malware and threat actors that have penetrated your network. Stop them from strategically and progressively performing lateral movement in their search for sensitive information and high-value assets.

In a Nutshell

What is Active Defense

Lay Beacon-Traps and decoys to stop threat-actors already in your network.

Lure and deceive threat-actors into revealing their true intentions.

Gain valuable time to take appropriate response actions.

How it Works

What it does

Defense “Decoys and Beacon Traps” are designed to detect reconnaissance and malware related activity, as well as to access and use “planted” fake information, which may include believable user access credentials, database connections and network shares. The goal is to deceive threat-actors into thinking they have discovered a way to escalate their privileges, lateral movement, and access sensitive data towards achieving their goals.

If threat-actors attempt to probe and access any fake information, ClearSkies™ Active Defense triggers an alert notification, and delivers attack-vector information to ClearSkies™ SIEM for further analysis. Attack-vector information provides you with valuable intelligence as to how threat-actors interact with systems and network, including their methods, purpose and source.

By occupying threat-actors for as long as possible with “Decoys and Beacon Traps”, from achieving their real purpose, you  gain valuable time to take necessary defensive actions.


What you get

ClearSkies™ Active Defense both compliments and capitalizes on the early detection and response capabilities of your SIEM.

Decrease attacker dwell time

Drastically reduces the time a successful threat-actor spends scouting unnoticed within the corporate network and systems.

Gain comprehensive visibility

Provides comprehensive visibility of the threat-actor’s intentions in your corporate network.

Reduce false positives

Focuses on real threats, thus accelerating your organization’s response and overall cyber resilience capability, effectively improving your security posture.

Gather valuable information

Helps you gather valuable information about the methods used, purpose and source, which can help you both improve your processes, network and system defences. This information could help as well with the prosecution of these threat-actor(s).

Meet regulatory compliance requirements

Helps you meet audit and legal regulatory compliance requirements.

Achieve scalability

Can be easily scaled at any given time, depending on organizational needs and/or budget requirements.


What’s under the hood

Automate Incident escalation so your security personnel can be informed even as the attack is already taking place.

Receive incident notifications via email, SMS and/or push notification on smartphones and tablets with ClearSkies™ Mobile App (for iOS and Android) installed. For more detailed information related to incident escalation, refer to the ClearSkies™ Event Management “ServiceModule”.

Deploy and manage ClearSkies™ Active Defense by your own SOC or by Odyssey’s 24/7 Managed Security/Detection & Response Services.


How does Active Defense tie in to the ClearSkies™ Threat Detection, Investigation & Response Platform?

ClearSkies™ Active Defense is part of the cross-layered extended detection and response capabilities that enable you to associate threats with vulnerabilities while automating and orchestrating response actions. Learn more about the Threat Detection, Investigation & Response (TDIR) Platform ecosystem.

Intelligent machine


Beyond log and event data collection and analysis.

Intuitive User Experience

Secure Web Portal (SWP)

Real-time visibility of your security posture made easy.

Mobile App

Real-time visibility while on the go.

Learn More

Get the Datasheet

ClearSkies™ Active Defense both compliments and capitalizes on the early detection and response capabilities of your SIEM.