
Making Advanced Active Defense Even Easier to Use with v2.9


CounterCraft’s latest release features a bundle of improvements made with our clients in mind. This version builds on the strides made with version 2.8, which included the introduction of ActiveBehavior, an industry-first human interaction simulator. Version 2.9 is all about refining different aspects of our platform to make them easier to deploy and more user-friendly, from further integration of EQL to new solutions specific to specialized sectors.

Major improvements in ease of use

CounterCraft version 2.9 is simpler than ever to deploy. From day one, the changes in 2.9 will drastically cut the configuration time necessary to get the Cyber Deception Platform up and running. One of the standout changes is the ability to automatically create notifications for new services; it is no longer necessary to do this manually. This frees up your team’s valuable time without reducing the effectiveness of the platform. Other ease-of-use improvements in the new version include:

  • Automatic rules created for new services
  • Simplified daisy-chaining, directly from the console (select licenses only)
  • Windows screenshot capability
  • Increased coverage for RHEL 7 and 8, and new access to SUSE Linux

Focusing on the bottom line: faster threat intel

CounterCraft 2.9 focuses on the end goal: deception that brings in accurate, real-time threat intelligence. Version 2.9 packages up several powerful enhancements that add up to faster (and, as always, ultra credible) threat intelligence for your organization.

EQL Everywhere

EQL, or Endgame Query Language, is now present in every aspect of the platform. Rules now use EQL syntax, and the Data Explorer event search feature works with EQL as well. This means improved searchability and ease-of-use with a more flexible language for generating threat intelligence.

The only deception vendor running the latest version of MITRE ATT&CK

CounterCraft is the only deception vendor to run a true integration of MITRE ATT&CK in the platform. We integrated the latest version of MITRE on the day of launch. The improvements now include compatibility with containers and Google Workspaces.

Saving time with automated rule creation

We’ve automated the creation of rules, a key component of any deception campaign. Rules are now automatically added for new services, which means users will get automatic notifications for service-specific adversary activity.

New solutions for military licenses

For customers with a military license, these two upgrades are extremely useful. The new air-gapped installer allows deployment in unconnected network environments. Just define the environment, download and install! The install bundle contains all the software required to install the Deception Director, the Deception Support Node, and all supported services for the chosen operating systems.

Continued evolution of ActiveBehavior

Our last update featured the unveiling of ActiveBehavior, the Human Interaction Simulator. Now, in 2.9, it continues to evolve. The latest version of ActiveBehavior features new user personas for even greater credibility, a new configuration option menu within the service menu, and select personas with different behavior patterns to enhance believability.

New third-party support

Active Directory: The new CounterCraft Active Directory update allows users to include Zerologon attack detection. This new addition means Active Directory features within CounterCraft are even more useful.

Sucuri: CounterCraft now provides new support for Sucuri’s website security scanner. This will allow the monitoring of events and users from the WordPress administration panel.

SUSE: The new SUSE support on the CounterCraft platform allows CounterCraft to communicate with the industry’s most adaptable Linux operating system, providing world-first deception support for SUSE users.

Find out more…

For more information on version 2.9, download the technical memo here.

Find out more about our state-of-the-art, ever-improving Cyber Deception Platform. We are happy to explain what we do, and how we can help you get the best out of deploying deception – from an initial conversation or simple demo, to a fully featured deployment.

Contact us to begin your cyber deception journey with CounterCraft!