Smokescreen Reviews & Product Details

Labyrinth creates the illusion of a real infrastructure vulnerability for an attacker. The solution is based on Points, a smart host simulation. Each part of the simulation environment reproduces the services and content of an actual network segment. The system consists of four components that interact with each other. The main components of the Platform are: Admin VM is the main component. All collected information is sent to it for analysis. The console notifies the security team and sends the necessary data to third-party systems. Worker a host/virtual machine for deploying a set of Labyrinth network decoys (Points) on it. It can work in several VLANs simultaneously. Several Worker hosts can be connected to the same management console simultaneously. Points are intelligent hosts that mimic software services, content, routers, devices, etc. Points detect all malicious activities within the corporate network, providing complete coverage of all possible attack vectors. Seeder agents deployed on servers and workstations imitate the most attractive file artifacts for an attacker. By creating various decoy files, the agent directs attackers to network decoys (Points) through their contents. The Platform automatically deploys points (decoys) in the IT/OT network based on information about services and devices in the network environment. In addition, decoys can be deployed manually, providing users with a powerful tool to develop their unique deception platform based on their specific needs and best practices. The Labyrinth provokes an attacker to act and detects suspicious activity. As the attacker passes through the fake target infrastructure, the Platform captures all the details of the enemy. The security team receives information about the sources of threats, the tools used, the vulnerabilities exploited, and the attacker's behavior. At the same time, the entire real infrastructure continues to operate without any negative impact.

FortiDeceptor is a non-intrusive, agentless deception platform designed to detect and neutralize active in-network threats by deploying decoy assets that mimic real network devices. By luring attackers into engaging with these decoys, FortiDeceptor enables early detection and response, effectively disrupting the attack kill chain before significant damage occurs. Key Features and Functionality: - Diverse Decoy Deployment: Supports a wide range of decoy operating systems, including Windows, Linux, SCADA, IoT, VoIP, ERP, Medical, SSL-VPN, and POS, allowing for realistic simulation of various network assets. - Deception Lures: Incorporates services, applications, or user simulations within decoy VMs to create authentic user environments, enhancing the effectiveness of the deception. - Token Distribution: Utilizes tokens—such as fake credentials, database connections, and configuration files—placed on real endpoints to guide attackers toward decoys, increasing the deception surface and influencing lateral movement. - Comprehensive Monitoring: Tracks attacker activities through detailed logging of events, incidents, and campaigns, providing insights into their methods and movements within the network. - Seamless Integration: Integrates with Fortinet Security Fabric and third-party security controls like SIEM, SOAR, EDR, and sandbox solutions to enhance visibility and accelerate response times. Primary Value and Problem Solved: FortiDeceptor addresses the critical need for proactive threat detection and response within networks. By creating a dynamic deception environment, it diverts attackers from sensitive assets, reduces dwell time, and minimizes false positives. This approach not only detects early reconnaissance and lateral movements but also provides detailed forensics and threat intelligence, enabling organizations to stay ahead of both known and unknown cyber threats. Additionally, its agentless design ensures minimal impact on network performance and stability, making it an effective solution for safeguarding IT, OT, and IoT environments.

Morphisec Endpoint Threat Prevention thwarts hackers with their own strategies like deception, obfuscation, modification, and polymorphism.

LMNTRIX provides a fully managed 24x7x365 Managed Detection & Response platform. The LMNTRIX multi-vector fully managed platform includes advanced network and endpoint threat detection, deceptions everywhere, analytics, full fidelity forensics, automated threat hunting on both the network and endpoints, and real-time threat intelligence technology, combined with deep/dark web monitoring which scales for small, medium, enterprise, cloud or SCADA/Industrial environments. We Prevent, Detect, Investigate, Validate, Contain and Remediate security incidents. The LMNTRIX platform/service includes full incident validation and remote incident response activities without the need for an incident-response-specific retainer; such activities may include malware analysis, identifying IOCs, automated and human-powered threat hunting, granular threat containment at endpoint level and specific guidance on remediation. The outcomes we deliver clients are fully validated incidents aligned to the kill chain and Mitre ATT&CK framework. No dumb alerts. These outcomes contain detailed investigative actions and recommendations that your organization follows to protect against the unknown, insider threat and malicious attacker.

Tracebit generates and maintains tailored canary resources in your cloud environments, closing gaps in stock protection without time and cost intensive detection engineering.