Cyber Deception Platform
The Internet has become accessible to both corporate devices and novice users, who may browse it freely. Nowadays, with the enormous development of social media, cyber-criminals have an additional path to gain access to an internal network. They create fake profiles and try to convince their victims via private messages to open their malicious files. Such files can either take full control of the victim’s machine, and hence give access to the internal network, or infect devices with ransomware. Other methods include obtaining legitimate accounts through successful phishing attacks and accessing a corporate network as a legitimate user.
Unfortunately, existing mechanisms are not capable of protecting organisations from these types of attacks:
- Even modern security detection mechanisms identify only specific breaches from specific threats and attacking strategies, and often fail to effectively address a number of constraints imposed by the very aggressive and competent profile of modern attackers and the limited time given for reaction.
- Prevention systems are unable to detect attacks that use valid traffic.
- Detection systems generate large amounts of false positives (i.e. false alarms).
- To avoid getting caught, attackers are very careful and follow valid paths, thus becoming stealthy in a network.
- Even when an attack is detected, there is no time to react promptly.
Therefore, a new type of detection is required, one that isolates the attacker in a virtual network.
Neurosoft addresses these issues by changing the way IT systems are protected, with Illicium, a Cyber Deception Platform that offers Security through Deception. Illicium provides a collection of very lightweight agents (i.e. “fake systems”) which can be deployed in active parts of the IT infrastructure to assist in the detection of security attacks. These fake systems aim to deceive the attacker, by making him believe that he is working on a legitimate system, and provide analysts with the ability as well as the necessary time to identify and isolate him on a fake infrastructure that looks like the original.
Illicium’s state-of-the-art architecture is based on:
- The deployment of multiple detection points which may be very close to the real data (sometimes even mixed with them).
- A sophisticated architecture to minimise the additional load introduced to an IT infrastructure.
- A collection of lightweight agents which can be fully active honeypots by design, unlike most honeypot implementations that are semi-active or passive.
Illicium’s deceptive technology offers an efficient way to:
- Detect valid attacks with very high confidence.
- Deceive and delay the attacker by making him believe that he is hacking the right systems while he is actually hacking something fake.
- Gain enough time for reaction by isolating the attacker in this fake infrastructure, recording his tactics and properly adapting the security systems to his attack pattern.
Illicium’s key features include:
- Support of multiple Users and User Roles (for Illicium management and administration).
- Graphical representation of attacker info (IP, country, etc.).
- Graphical representation of target info (incl. geolocation).
- Ability to create rules for detecting attacks.
- Ability to create rules for emergency responses.
- Alerting via e-mail, SMS or other channels.
- Reporting & Statistics.
- Customisable deployment monitoring per User.
- Backup management.
- Northbound API to connect with external applications.
- Integration with SIEM systems.