|

Deception

Lure Attackers to Reveal Their Presence

Request a Demo

The Challenge

Advanced attackers study their target environment carefully, as well as the protection measures in place and learn their weaknesses until finding a way to evade detection. No protection is 100% proof and combination of persistency, skill and determination can eventually outrun the best detection.

The Solution

Cynet Deception technology plants various types of decoys across the environment to tempt attackers to get out of their hidings and reach out for what seems to be a valuable hunt and by doing that reveal their presence and former activities. With Cynet Deception technology there are zero false positives – only live malicious presence can trigger a deception alert.

Deceive Attackers with Various Honeypots: Decoy Files, Passwords and Network Connections

Cynet deception security supports various types of decoys, to detect threats in various stages of the attack’s lifecycle: data files, credentials and network connections. In each type, the consumption action triggers the alert – login attempt with a decoy password, connection attempt with RDP or URL and opening a data file.

Cynet provides both off-the-shelf decoy files as well as the ability to craft your own, while taking into account your environment’s security needs.

Detect Attacks at the Credential Theft Stage:
Decoy Passwords

Passwords are extremely valuable to attackers attempting to expand their foothold within a compromised environment. Cynet crafts and plants text files containing false passwords along attackers’ potential routes. Any attempt to log in with these passwords triggers an alert.

Decoy File Accessed

Passwords extracted

Login attempt with decoy password

Alert

Detect Attacks at the Lateral Movement Stage:
Decoy Connections

When seeking to expand compromise across the environment to access organizational resources, internal network shares and RDP connections are extremely attractive. Cynet’s decoy connections enable the reliable detection of attackers during the hard –to-detect lateral movement stage.

RDP file accessed

Connection Attempted

Alert

Detect Attacks at the Data Access and Exfiltration Stage:
Decoy Data Files

Data Files

The attacker’s top object is to get hold of sensitive data – IP, PII, business plans, etc. Cynet crafts and plants decoy data files and links – similar to what attackers would seek in the target organization – and plants them across endpoints and servers in the environment.

Decoy Data File Beaconing

When an attacker opens a decoy data file at its premise, an alert is triggered and the file sends Cynet the malicious IP address at which it resides.

Watch Cynet in Action

Request a Demo

The Cynet 360 Platform

Cynet Deception is a native part of Cynet 360, the only security platform that protects the entire environment including users, network, files and hosts, by integrating Deception with:

NGAV

Automated prevention of malware, exploits, fileless, Macros, LOLBins and malicious scripts

EDR

Detection and investigation of advanced threats on the endpoint

UBA

Detection and prevention of attacks that involved compromised of user accounts

Network Analytics

Prevention and detection of network-based attacks.