The Technology Behind Our Cyber Threat Deception

Here at CounterCraft, we know we have the best active defense technology on the planet. Our Cyber Deception Platform is the most advanced in the world, which is why we have clients ranging from NATO to the US Department of Defense.

But what is it, exactly, that sets us apart from other deception companies?

The different pieces of proprietary technology that make up our platform create a powerful, versatile tool for creating deception environments for your attackers to fall into.

ActiveLures draw threat actors into our ActiveSense environments, where a DeepSense Agent gathers telemetry and ActiveBehavior keeps the environments looking real and lived in. Then our ActiveLink safely communicates the data gathered to the Deception Director in order to transmit it to you, either directly within the platform or via any third-party integrations you have set up.

Read this blog to find out more about the pioneering technology behind our platform. You can also find out more by clicking here.

ActiveLures

ActiveLures are custom or template-based CounterCraft breadcrumbs that can be deployed across multiple endpoints, servers or even on internet-based platforms such as PasteBin, GitHub and Shodan. Both passive and active breadcrumbs are available, and you can tailor them to attract exactly the adversary you are targeting. The main job of the ActiveLures is to attract adversaries into the CounterCraft ActiveSense Environments.

ActiveSense Environments

ActiveSense Environments are the core of your CounterCraft deployment. They contain real machines and real services that provide a credible environment to deflect and monitor the adversary.

ActiveSense Environments are deployed quickly and controlled from the CounterCraft Platform. A wide range of host-types and services are available, out of the box, to create an environment that is credible and makes the adversary think they have struck gold!

ActiveSense Environments combine the detailed telemetry collected by the DeepSense agents and the command and control capability of the CounterCraft ActiveLink network to provide a full, deep sensing environment to collect and deliver all adversary activity in real-time.

DeepSense Agent

How to gather telemetry unseen and undetected? The CounterCraft DeepSense agent is the key. The fully cloaked agent gathers all adversary activity on the deception host and sends it back to the CounterCraft ActiveConsole via the ActiveLink command and control network.

ActiveBehavior

ActiveBehavior is a human interaction simulation tool that keeps a deception environment looking authentic without you lifting a finger by automating the process of logging in and performing “typical” user activities, or basic SysAdmin tasks.

ActiveLink

How to deliver detailed telemetry on adversary behavior undetected and in real-time? The CounterCraft ActiveLink network does it all. ActiveLink provides a full command and control network for the ActiveSense Environment. It allows completely cloaked exfiltration of DeepSense telemetry and also allows real-time control over hosts, services and breadcrumbs for instant response to adversary activity. ActiveLink also allows the system to be deployed across a wide range of complex networks.

Deception Director

The Deception Director is the heart of the CounterCraft Platform. The web-based console provides full design, deployment, and management functionality for all of the components, from ActiveLure deployment to automatic responses to detected adversary activity. The Deception Director can be hosted locally or remotely and provides a powerful tool for analysis, alerting, and active defense deployment.

Integrations

The CounterCraft Cyber Deception Platform plays nicely with other platforms. If you need to share threat intelligence or incident data with another platform, our platform makes this easy. Whether it’s a SIEM, SOAR, Intel Sharing Platform or messaging service, the chances are it is already part of the CounterCraft third-party integration family. If you can’t find your specific app, a fully documented RESTful API is available to make new integrations a breeze.

Get more details on the benefits of our platform and how it works here.