PacketViper’s Deception360 solution is very different in method and implementation from deception solutions that only provide internal threat detection. Deception360 truly provides automated, deception enabled threat detection, prevention, and response both internally and externally. Other deception technologies only support an internal threat detection use case.
A brief summary comparison of PacketViper deception enabled threat detection, prevention, and response and an ‘internal threat detection only’ common deception solution is as follows:
Internal threat detection-only focused deception technologies are characterized by the following:
- Strictly focused on internal threat detection. Other deception tolls don’t go to work until the threat is on the network.
- Providing a very narrow field of view based solely on the decoys and artifacts themselves.
- Creating, re-creating, and constantly chasing highly detailed decoys that will withstand continued scrutiny and engage attackers on the network.
- Providing alert-only feedback, relying on expensive threat hunters and analysts to do something with TTP, IOCs, and other artifacts.
- Responses to identified threats require integration, orchestration and/or manual intervention processes.
PacketViper’s Deception360 deception-enabled threat detection, prevention, response, and containment capabilities focus on the following:
- The ability to deploy decoys, sensors, deceptive artifacts, and continuously moving deception techniques on a network boundary to obfuscate the network and prevent external threats from entering.
- Internal threat detection, prevention, response, and containment without orchestration with any other security tools or processes.
- Increased transparency into all network traffic, not just that which interact with deceptive elements.
- Easily supporting saturation-levels of deployed Sensors, Decoys, Sirens and Deception360 artifacts that identify unwanted and potentially malicious traffic on the network.
- Stopping attackers very early in the cyber kill-chain before they get a chance to mount an effective attack.
- Added context to network traffic to enable shaping based on not just decoys but through source geography and organization-based policies
Deception360 is able to deliver so much more value because it deploys in-line between two or more networks. This inline position, deployed most commonly as in invisible and undetectable bridged connection between network boundaries means that attacks can be blocked, at network speed. In addition to outright blocking, attackers can alternatively be routed to sandbox segments for further analysis or slowed (a function we call tarpitting) depending on security objectives.