Network Threat Protection - YES
As described in the excerpt above, "The targeted real-time intelligence can be used to initiate real-time threat hunting on the internal network and can be used to identify potential weakness in the current security toolset deployment."
Network Threat Detection - YES
Also described in the excerpt above, "The CounterCraft platform can also be deployed externally beyond the network perimeter to detect attackers before they compromise the internal network."
External and Internal Deception: The CounterCraft solution has the ability to deploy campaigns both inside and outside of the traditional enterprise network boundary. This means you do not have to wait for an attacker to breach your network. You can be proactive in your security operations and deploy CounterCraft on the external attack surface of your organization to gather intelligence on those targeting your organization from outside.
This in turn will allow you to meet a wide range of use cases. You are not limited to the post-breach detection of lateral movement on internal networks, which is the main use case that our competitors are optimized for. You can use the CounterCraft solution for the detection of lateral movement and many more use cases. A few are listed below:
External deception campaigns (Network Threat Detection): In addition to deploying deception campaigns externally, the CounterCraft automated deception platform allows an organization to deploy deception environments within the network perimeter and externally at the same time. This allows a customer to protect their internal network and focus on threats such as insider threat while at the same time running detection campaigns that detect nation-state threat actors or cybercriminals while they are in the reconnaissance phase of the attack cycle. This delivers real-time threat intelligence, and in addition clients are able to capture detailed patterns of attacker behavior that go beyond what is delivered as threat intelligence. For example, a customer can capture the first five behaviors the adversary displays and check whether that pattern is repeated across the deception artifacts they come across. If yes, this can form the basis of a structured threat hunting exercise.
So, in summary, the tool will allow the customer to:
1. Run deception campaigns concurrently (inside and beyond the organizational perimeter)
2. Collect real-time intelligence
3. Collect observed behavioral patterns
4. Feed the patterns into a threat hunt
Early detection within customer environments (Network Threat Protection): Due to the unique ability to run campaigns concurrently, CounterCraft can gather intelligence on pre-staging activity and provide early detection of attacks within the customer environment.
Breadcrumbs can be seeded onto digital assets that are part of the corporate network. They will detect attackers and redirect them to a range of deception assets that can be stood up for the customer. These range from simple file and print servers and application servers all the way through to fake Active Directory controllers. Once in the deception environment, the adversary can be manipulated through rules-based adversary manipulation, thereby degrading and slowing down the attackers. The rich telemetry of IOCs and TTPs that is collected can be seamlessly integrated into a range of third-party tools that allow real-time threat hunting to take place. The objective of the hunt is to provide customers with the data they need to understand what other beachheads the attackers may have elsewhere in the network.
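The "first five behaviors" comparison described above can be sketched as follows. This is an added example, not CounterCraft code: the event tuple layout, artifact names and behavior labels are constructed assumptions and do not reflect the platform's export format.

```python
from collections import defaultdict

# Constructed sample telemetry, not real platform output:
# (epoch seconds, source address, deception artifact, observed behavior)
EVENTS = [
    (100, "198.51.100.7", "file-decoy", "port_scan"),
    (105, "198.51.100.7", "file-decoy", "smb_login"),
    (110, "198.51.100.7", "file-decoy", "share_enum"),
    (118, "198.51.100.7", "file-decoy", "file_read"),
    (125, "198.51.100.7", "file-decoy", "archive_create"),
    (130, "198.51.100.7", "file-decoy", "outbound_transfer"),
    (318, "198.51.100.7", "app-decoy", "file_read"),  # arrives out of order
    (300, "198.51.100.7", "app-decoy", "port_scan"),
    (305, "198.51.100.7", "app-decoy", "smb_login"),
    (310, "198.51.100.7", "app-decoy", "share_enum"),
    (325, "198.51.100.7", "app-decoy", "archive_create"),
    (500, "203.0.113.20", "ad-decoy", "port_scan"),
    (505, "203.0.113.20", "ad-decoy", "ldap_query"),
]


def first_behaviors(events, n=5):
    """Map (source, artifact) -> tuple of the first n behaviors by time."""
    sessions = defaultdict(list)
    for _ts, source, artifact, behavior in sorted(events):
        sessions[(source, artifact)].append(behavior)
    return {key: tuple(seq[:n]) for key, seq in sessions.items()}


def repeated_patterns(events, n=5, min_artifacts=2):
    """Return {pattern: sorted artifacts} for full n-step patterns seen on
    at least min_artifacts distinct deception artifacts."""
    seen = defaultdict(set)
    for (_source, artifact), pattern in first_behaviors(events, n).items():
        if len(pattern) == n:  # ignore sessions too short to compare
            seen[pattern].add(artifact)
    return {p: sorted(a) for p, a in seen.items() if len(a) >= min_artifacts}


if __name__ == "__main__":
    # Each repeated pattern is a candidate sequence for a structured hunt.
    for pattern, artifacts in repeated_patterns(EVENTS).items():
        print(" -> ".join(pattern), "| seen on:", ", ".join(artifacts))
```

A pattern returned here is a sequence to search for in telemetry from production hosts, which is the hand-off from deception data to the threat hunt.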