Deception Technology
Post-Breach Detection Based on Deception
The latest class of network breaches is challenging the effectiveness of traditional detection and prevention tools and technologies.
It is only a matter of time before motivated threat actors manage to penetrate corporate network and systems. This is why organizations adapt their information risk management strategies from a prevention-based to a post-breach detection, towards achieving and maintaining their cyber resilience.
Gather counter-intelligence pertaining to malware and threat actors that have penetrated your network. Stop them from strategically and progressively performing lateral movement in their search for sensitive information and high-value assets.
In a Nutshell
What is Active Defense
Lay Beacon-Traps and decoys to stop threat-actors already in your network.
Lure and deceive threat-actors into revealing their true intentions.
Gain valuable time to take appropriate response actions.
How it Works
What it does
Defense “Decoys and Beacon Traps” are designed to detect reconnaissance and malware related activity, as well as to access and use “planted” fake information, which may include believable user access credentials, database connections and network shares. The goal is to deceive threat-actors into thinking they have discovered a way to escalate their privileges, lateral movement, and access sensitive data towards achieving their goals.
If threat-actors attempt to probe and access any fake information, ClearSkies™ Active Defense triggers an alert notification, and delivers attack-vector information to ClearSkies™ SIEM for further analysis. Attack-vector information provides you with valuable intelligence as to how threat-actors interact with systems and network, including their methods, purpose and source.
By occupying threat-actors for as long as possible with “Decoys and Beacon Traps”, from achieving their real purpose, you gain valuable time to take necessary defensive actions.
Benefits
What you get
ClearSkies™ Active Defense both compliments and capitalizes on the early detection and response capabilities of your SIEM.
Post-Breach Detection
Minimizes the time between the initiation of an attack and its detection.
Decrease attacker dwell time
Drastically reduces the time a successful threat-actor spends scouting unnoticed within the corporate network and systems.
Comprehensive visibility
Provides comprehensive visibility of the threat-actor’s intentions in your corporate network.
Reduced False Positives
Focuses on real threats, thus accelerating your organization’s response and overall cyber resilience capability, effectively improving your security posture.
Intelligence Gathering
Helps you gather valuable information about the methods used, purpose and source, which can help you both improve your processes, network and system defences. This information could help as well with the prosecution of these threat-actor(s).
Regulatory compliance
Helps you meet audit and legal regulatory compliance requirements.
Scalable
Can be easily scaled at any given time, depending on organizational needs and/or budget requirements.
No risk
Poses no risk whatsoever to data exchanged/stored and has no impact on the availability/integrity of network and system resources.
Features
What’s under the hood
Automate Incident escalation so your security personnel can be informed even as the attack is already taking place.
Receive incident notifications via email, SMS and/or push notification on smartphones and tablets with ClearSkies™ Mobile App (for iOS and Android) installed. For more detailed information related to incident escalation, refer to the ClearSkies™ Event Management “ServiceModule”.
Deploy and manage ClearSkies™ Active Defense by your own SOC or by Odyssey’s 24/7 Managed Security/Detection & Response Services.
Ecosystem
How does Active Defense tie in to the ClearSkies™ Threat & Vulnerability Management Platform?
ClearSkies™ Active Defense is part of the cross-layered extended detection and response capabilities that enable you to associate threats with vulnerabilities while automating and orchestrating response actions.
Learn more about the ClearSkies™ Threat & Vulnerability Management Platform ecosystem.
Intuitive User Experience
Secure Web Portal (SWP)
Real-time visibility of your security posture made easy.
Mobile App
Real-time visibility while on the go.
Learn More
Get the Datasheet
ClearSkies™ Active Defense both compliments and capitalizes on the early detection and response capabilities of your SIEM.
