Hunting the Attackers, not the Attacks
Post-Breach Defense Detection Based on Deception
The newest generation of remotely controlled network attacks is challenging the effectiveness of traditional detection and prevention tools, making prevention-based approaches less effective. It is only a matter of time before determined cybercriminals penetrate your corporate network and systems. This paradigm shift dictates that organizations change their information risk management strategies from prevention-based to post-breach detection security approaches, if they are to maintain and safeguard their cybersecurity posture.
Prevent threat-actors who have managed to infiltrate your network from moving unimpeded for months, stealing data and intellectual property.
In a Nutshell
What is Active Defense
Lay traps to catch attackers in the event of a breach
Lure and deceive attackers into revealing information about themselves
Buy valuable time by delaying and misdirecting attackers in your network
How it Works
What it does
Defense “Decoys and Beacon Traps” are designed to detect reconnaissance and malware-related activity, as well as any access to and/or use of planned fake information, which may include user access credentials, database connections and network shares. This fake information deceives cybercriminals into thinking they have discovered a way to escalate their privileges, perform lateral movement, and/or access sensitive information or data in pursuit of their goals.
If threat actors attempt any probing or access any fake information, ClearSkies™ Active Defense triggers an alert notification and delivers attack-vector information to ClearSkies™ Cloud SIEM for further analysis before an incident is escalated. Attack-vector information provides you with valuable intelligence as to how cybercriminals interact with assets, including their methods, purpose and source.
By occupying cybercriminals for as long as possible with decoys and traps, organizations can delay them from achieving their real purpose, thus gaining valuable time to take necessary defensive actions.
What you get
Active Defense both complements and capitalizes on the early detection and response capabilities of your SIEM.
What’s under the hood
Automate incident escalation so your security personnel can be informed while the attack is still taking place.
Receive incident notifications via email, SMS and/or push notification on smartphones and tablets with ClearSkies™ Mobile App (for iOS and Android) installed. For more detailed information related to incident escalation, refer to the ClearSkies™ Secure Web Portal (SWP) “Event Management” ServiceModule.
Have ClearSkies™ Active Defense deployed and managed by your own Security Operations Center (SOC) or by Odyssey’s 24/7 Managed Security/Detection & Response (MDR) Services.