Fidelis Cybersecurity officially launched its new Deception Module on Jan. 25, to help organizations lure and detect attackers.
The Deception Module is based on technology that Fidelis gained with its October 2017 acquisition of TopSpin Security. Fidelis has now integrated elements of TopSpin's technology into the Elevate Platform, to provide new capabilities for organizations to help mitigate threats.
"At TopSpin we built a deception and detection platform that is a bit different than what the other deception technology companies have built," Doron Kolton, Chief Strategy Officer of Emerging Technologies at Fidelis Cybersecurity and former CEO of TopSpin told eWEEK.
Kolton explained that the TopSpin technology starts by looking at all the traffic inside of a network to understand what is going on within an organization. The deception platform uses all of the information it learns in order to automatically setup appropriate deception traps inside of a company.
"At the same time the platform is identifying what's on the network and setting up deceptions, it is also triggering anomalies and detecting command and control nodes," Kolton said.
Command and control traffic typically is associated with malware botnet activity, with a compromised endpoint sending and receiving traffic. Kolton emphasized that while deception is a core part of the platform, so too are the identification elements for existing malware and botnet activities. The Fidelis Elevate platform already includes network and endpoint modules for risk detection. Kolton said that the new deception module adds a new layer of capability to detect threats across an enterprise.
"We believe that deception is an essential part of detection," Kolton said. "The real question though is how you lure the attacker with a decoy."
Kolton explained that the new Fidelis Deception Module deploys what he referred to as "breadcrumbs" that attempt to lead attackers to an emulated decoy of a high-value target. Since Fidelis knows what is running inside of an organization, it also knows which assets are more valuable and have a higher risk of being attacked.
The Fidelis Deception Module also has specific capabilities for attackers going after Microsoft Active Directory, which provides user role and access to applications and services across a network. Rami Mizrahi, VP at Fidelis Cybersecurity explained that the Deception module will have fake users and decoys that interact with Active Directory.
"So for the advanced attackers that go after Active Directory, they will find interesting machines that look real that have passwords that can be cracked," Mizrahi told eWEEK.
There are also database deceptions as part of the Deception Module, with multiple types of databases emulated by the platform. Mizrahi said that the emulated database decoys respond to queries with fake information sent to attackers.
At the top level, Kolton said that there is a dashboard that provides reporting for the Deception Module. Additionally the technology can connect with an organization's existing SIEM (Security Information and Event Manager) platform. With the overall Fidelis Elevate platform, Kolton said that the former TopSpin technology now becomes part of a complete Automated Detection and Response (ADR) offering. The Deception Module can communicate with existing Fidelis endpoint and network technologies to identify and block potential rogue activities.
The market for deception technologies is an increasingly crowded one with multiple vendors, both large and small. In October 2017, Symantec entered the deception market with the launch of its Symantec Endpoint Protection (SEP) platform 14.1 release. The deception market also has its fair share of startups including TrapX, Illusive, Acalvio and Attivo. Kolton sees the ADR capability as being a key differentiator for his company.
Looking forward, Kolton said that Fidelis will continue to enhance its deception capabilities over the course of 2018 with additional breadcrumbs and targeting capabilities. He added that a core area of focus for Fidelis in 2018, will be cloud related services which will also benefit from the deception capabilities.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.