Hunting the attackers, not the attacks
Post-Breach Detection Based on Deception
The latest class of network breaches is challenging the effectiveness of traditional detection and prevention tools and technologies.
It is only a matter of time before motivated threat actors manage to penetrate corporate networks and systems. This is why organizations are adapting their information risk management strategies from a prevention-based approach to post-breach detection, in order to achieve and maintain their cyber resilience.
Gather counter-intelligence pertaining to malware and threat actors that have penetrated your network. Stop them from strategically and progressively performing lateral movement in their search for sensitive information and high-value assets.
In a Nutshell
What is Active Defense
Lay Beacon-Traps and decoys to stop threat-actors already in your network.
Lure and deceive threat-actors into revealing their true intentions.
Gain valuable time to take appropriate response actions.
How it Works
What it does
Active Defense “Decoys and Beacon Traps” are designed to detect reconnaissance and malware-related activity, as well as attempts to access and use “planted” fake information, which may include believable user access credentials, database connections and network shares. The goal is to deceive threat-actors into thinking they have discovered a way to escalate their privileges, move laterally, and access sensitive data in pursuit of their goals.
If threat-actors attempt to probe or access any fake information, ClearSkies™ Active Defense triggers an alert notification and delivers attack-vector information to ClearSkies™ SIEM for further analysis. Attack-vector information provides you with valuable intelligence as to how threat-actors interact with your systems and network, including their methods, purpose and source.
By keeping threat-actors occupied with “Decoys and Beacon Traps” for as long as possible, and away from their real purpose, you gain valuable time to take the necessary defensive actions.
What you get
ClearSkies™ Active Defense both complements and capitalizes on the early detection and response capabilities of your SIEM.
What’s under the hood
Automate incident escalation so your security personnel are informed while the attack is still taking place.
Receive incident notifications via email, SMS and/or push notification on smartphones and tablets with the ClearSkies™ Mobile App (for iOS and Android) installed. For more detailed information on incident escalation, refer to the ClearSkies™ Event Management “ServiceModule”.
Have ClearSkies™ Active Defense deployed and managed by your own SOC or by Odyssey’s 24/7 Managed Security/Detection & Response Services.
How does Active Defense tie in to the ClearSkies™ Threat & Vulnerability Management Platform?
ClearSkies™ Active Defense is part of the cross-layered extended detection and response capabilities that enable you to associate threats with vulnerabilities while automating and orchestrating response actions.