Fidelis Deception

Outmaneuver Attackers with Dynamic Deception

Deception technology gives defenders an opportunity to reduce cyber dwell time by altering the adversaries’ perception of the attack surface. Doing so slows down the attacker’s ability to move laterally undetected, changes the economics, and increases the attacker’s risk, giving defenders more time to understand TTPs and ultimately eradicate the threat from the environment. Fidelis Deception allows organizations to quickly and accurately detect attackers, malicious insiders, and malware already inside the network, engage with the attackers and neutralize advanced cyber threats. With Fidelis, defenders can automatically create real, interactive OS decoys as well as emulated services and OS’s, including enterprise IoT devices. Then attackers can be lured to the decoys via breadcrumbs that are continuously updated. Through a unique combination of adaptive intelligent deception, automatic terrain learning and visibility, Fidelis keeps the attackers guessing and dramatically reduces time-to-resolution from weeks and months to hours and minutes

How does Deception work?

Deception becomes deterministic by publicizing decoys with breadcrumbs on real assets luring attackers, malicious insiders, and automated malware to the decoys. Instead of searching in vain for the bad actor within an ocean of good data, deception delivers actionable alerts and events from decoys, AD credentials, poisoned data, and traffic analysis. These alerts have extremely high fidelity. Using deception on-premises and cloud with fresh activity data creates persuasive deception layers that include devices, data, and behavior all designed to turn the tables on attackers. They pursue the lures to decoys so you can detect and defend. Deception becomes deterministic by publicizing decoys with breadcrumbs on real assets luring attackers, malicious insiders, and automated malware to the decoys. Instead of searching in vain for the bad actor within an ocean of good data, deception delivers actionable alerts and events from decoys, AD credentials, poisoned data, and traffic analysis. These alerts have extremely high fidelity. Using deception on-premises and cloud with fresh activity data creates persuasive deception layers that include devices, data, and behavior all designed to turn the tables on attackers. They pursue the lures to decoys so you can detect and defend. Deception becomes deterministic by publicizing decoys with breadcrumbs on real assets luring attackers, malicious insiders, and automated malware to the decoys. Instead of searching in vain for the bad actor within an ocean of good data, deception delivers actionable alerts and events from decoys, AD credentials, poisoned data, and traffic analysis. These alerts have extremely high fidelity. Using deception on-premises and cloud with fresh activity data creates persuasive deception layers that include devices, data, and behavior all designed to turn the tables on attackers. They pursue the lures to decoys so you can detect and defend.

Decoy Profiles

1. Hardware — laptops, servers, routers, switches, cameras, printers, enterprise IoT devices, etc.
2. Software — OS, apps, ports, services, applications, cloud assets, and similar data.
3. Decoys are unknown and obfuscated assets, with no reason for employee access or use.
4. Consume attacker time with high and medium interaction decoys and distract from real assets.

Breadcrumb & Trap Profiles

1. Traps: file, application, network, or credential-based.
2. Breadcrumbs: files, documents, email, system resources, etc.
   
3. Poisoned data, credentials, and profiles that attackers use.