According to Gartner, Automated Moving Target Defense (AMTD) solutions will replace at least 15% of traditional detection and response solutions by 2025, which shows just how revolutionary this technology could be. The strategy has drawn significant attention from end customers, and a recent Gartner paper, Emerging Tech: AMTD Deception Technology Supporting Next-Generation CPS Security, talks about exactly how deception technology can play a role in AMTD as one of the best ways on the market of increasing Cyber Physical Systems security requirements.
Ruggero Contu, the analyst behind the recent paper, positions deception as the linchpin supporting the next generation of Critical Infrastructure Protection (CPS) security. Here at CounterCraft, we know this to be true—and have written about deception’s role in AMTD many times. Contu singles out CounterCraft as a standout vendor in this evolving landscape.
“Deception technology is attracting increasing interest to secure cyber-physical systems (CPS) due to close alignment with CPS security limitations.”
– Ruggero Contu, Gartner
Fortifying next-gen CPS security is a priority, but there are specific challenges and difficulties to securing this type of environment. CounterCraft, however, is well positioned to play a pivotal role in securing CPS/OT companies since, unlike some solutions that necessitate modifications to the existing Supervisory Control and Data Acquisition (SCADA) network, CounterCraft’s innovative solution does not require any modification.
CounterCraft supports Cyber Physical Systems security and AMTD
Deception technology is able to provide user/asset/physical process authentication and behavior analysis in Cyber Physical Systems (CPS), instrumental in the proactive protection of critical assets but doing so without imposing any burden on the normal operation of services. The essence of CounterCraft’s approach lies in the deployment of deception assets within the OT network, strategically configured to mimic other devices seamlessly.
CounterCraft’s approach is key, for several reasons:
- CounterCraft does not require modifying existing SCADA/ICS networks to protect organizations’ CPS
- CounterCraft supports deploying deception at multiple layers in ICS/OT environments: PLC/RTU, IEDs and controllers, HMI systems, applications, databases and file servers.
- CounterCraft has developed a deception solution that can mimic specific OT environment architectures.
CounterCraft creates an environment where a deception host, resembling a genuine production human-machine interface, attracts potential attackers. The beauty lies in the fact that, when engaged, this deceptive facade triggers a confirmed alert in real time, exposing the ongoing attack. Zero false positives. Valuable threat intel in real time. All on difficult-to-defend CPS and OT networks.
Cyber deception is uniquely positioned to face the challenges inherent in these environments.
CounterCraft’s key differentiators for CPS security
What sets CounterCraft apart is its non-intrusive deployment and architecture. OT/CPS/SCADA networks often work under severe limitations when it comes to modifying the network, as any interference could have cascading consequences. CounterCraft requires no network modification, making it ideal for this type of network.
The significance of CounterCraft’s contribution is not limited to immediate threat detection. By engaging with attackers in real time, CounterCraft’s solution offers a unique vantage point to glean intelligence. Understanding the attacker’s objectives and Tactics, Techniques, and Procedures (TTPs) becomes more profound, empowering organizations to fortify their defenses based on real-world insights.
In the realm of CPS/OT security, CounterCraft not only defends against sophisticated threats but also gathers intelligence from would-be attackers. The Gartner recognition affirms CounterCraft’s position at the forefront of the evolving landscape, poised to redefine the narrative of cybersecurity in industrial environments.
The Platform can identify how threat actors try to move laterally across OT systems to understand their activities and targets. This threat actor monitoring is done in a safe way, as malicious actors are triggered to interact with deception infrastructure made of emulated HMIs and PLCs. Find out more about how cyber deception is uniquely positioned to face the challenges inherent in these environments.
This is how Red Eléctrica, Spain’s national electricity grid operator, detects ICS-OT system attacks in real time.
About CounterCraft
CounterCraft is a software company that goes beyond detection and response to provide proactive cybersecurity solutions and detect attacks faster for the world’s leading organizations. Their premier product, CounterCraft The Platform™, consistently stops red teams, spear phishing, ransomware attacks and insider threats. This distributed deception platform is a global leader in active defense, with tooling that provides real-time intelligence and the capability to manipulate adversary behavior. Their technology stops attackers in pre-breach recon phases, integrates contextualized threat intel with incident response workflows, and saves money and time by helping security teams prioritize their actions. CounterCraft The Platform is used successfully around the globe by Fortune 500 companies and government organizations, including the US Department of Defense.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Gorka Ariznabarreta is the Product Manager at CounterCraft, responsible for the company’s product design and development. Follow him on LinkedIn.
Adversary-generated Threat Detection Powered by Deception
CounterCraft provides actionable threat intelligence in real time using deception technology. Unlike comparable technology, which takes up to 270 days to provide threat intelligence that requires an analyst to determine if it’s relevant or not, CounterCraft delivers intelligence generated by your adversaries, in real time, that enables you to implement remediation immediately. Active defense allows organizations to identify unknown risks and threats tailored to their external and internal attack surface and delivers detailed telemetry.