Deception-based threat detection, prevention and response

Next-generation deception
PacketViper’s Deception360™ is cybersecurity software that actively defends networks with deception-based threat detection and automated response to both external and internal cyber threats. 

Deception360 is a transformative and trusted cybersecurity solution for organizations seeking to cost-effectively defend converging Operational Technology (OT) and Information Technology (IT) networks and modernize cybersecurity without a ‘rip and replace’.

Deception360 provides measurable cybersecurity outcomes that improve OT/IT security, preserve OT process uptime and streamline security operations unlike anything else in the market.
 
Deception-powered use cases
Simply put, we use deception in a couple of powerful ways to drive security outcomes that make a difference. 

First, we stop the threats outside your network from getting in. At the network boundaries Deception360 brings the principles of a moving target defense, making the network hard to understand during reconnaissance. This is true for both external gateways and OT/IT boundaries.

Then for threats on the network, we entice them to reveal themselves so that we can reduce their effective dwell time and take action to eradicate them. 

A summary of our use cases includes the following:
  • Internal threat detection
  • Boundary defense & threat prevention
  • Automated threat response
  • Threat hunting
  • Vendor risk management (VRM)
  • Ransomware & DDoS prevention
  • Firewall and SIEM optimization
  • Compensating control / critical asset fencing

Not a honeypot
Our deception-based approach is disruptive and makes practical sense. Deception is a dynamic mainstay for attackers who use it to trick us into revealing information that increases their probability of success. In turn, we respond with mostly static, insufficient defenses. 

Deception360 turns the tables on threats at the earliest stages of their attack cycle, greatly increasing the difficulty of their attack at initial reconnaissance. Threat detection is equally effective against known and unknown threats.

Other deception solutions are costly and complex while only offering the single use of internal (on-network) threat detection. Alternative technologies like firewalls, SIEM and endpoint solutions are necessary but insufficient for keeping up with threats. Deception360 adds a much-needed layer to the security stack.


Aligning OT & IT security
The agentless nature of Deception360 makes it ideal for OT. Networks can be passively monitored with no false positives and without unplanned downtime. The solution passively monitors the OT & IT networks without scanning.

This improves visibility while gathering intelligence on network threats performing reconnaissance and moving laterally, all while preserving options to respond to attacks at wire speeds within a segment or across the enterprise.


Measurable security outcomes
You will regularly see the measurable impact of the deception-based approach to network defense. 

Expect to harvest thousands of new threats per month and see traffic reductions of up to 70% while firewall and SIEM utilization stabilizes.

How It Works

Deception360 uses proprietary and agentless Decoys, Sirens and Sensors for network obfuscation, threat detection without false positives and the ability to automatically respond to threats. 

Decoys are highly believable targets for threats actively scanning a network to potentially exploit or attack. Sirens emulate network traffic as if they were fully functioning systems to lure passively listening threats. Sensors provide a transparent mechanism to broadly monitor visible network traffic for anomalies and emerging patterns and support proactive threat hunting. All of our deceptive artifacts are entirely software-based and vendor agnostic. Decoys and sirens can be configured to match any type of OT or IT device.

The solution can evolve from mirror mode to in-line security. When inline, customers can act on threats directly from the solution, up to and including blocking. Operating inline, the solution also harvests and applies new machine-readable threat intelligence (MRTI) at wire speed.

Deploy virtually, as an appliance, or through AWS or Azure. Either way, from a basic initial setup and deployment service to ongoing active threat hunting and dynamic deception campaigns, you can achieve the desired security outcomes.
 
Addressing security controls
Deception360 uniquely supports many important NIST and NERC CIP security controls that you may not have previously thought of addressing with a deceptive approach. Doing so will help achieve the actual intended goal of the control.
 
NIST Framework for Critical Infrastructure Cybersecurity
Identify (ID), Protect (PR), Detect (DE), Respond (RS)
  • ID.RA.2: Threat and vulnerability information is received from information sharing forum sources
  • ID.RA.3: Internal and external threats are identified and documented
  • PR.DS.2: Data in transit is protected
  • PR.DS.5: Protections against data leaks are implemented
  • PR.IP.7: Protection processes continuous improvement
  • DE.CM.1: The network is monitored to detect potential cybersecurity events
  • DE.CM.7: Monitoring for unauthorized personnel, connections, devices and software is performed
  • DE.DP: Detection Processes
  • RS.MI.1: Incidents are contained
  • RS.MI.2: Incidents are mitigated

NIST 800-53 Security and Privacy Controls for Information Systems
  • RA-3: Dynamic threat awareness
  • RA-10: Threat hunting
  • SC-5(3): Detection and monitoring
  • SC-7: Boundary protection
  • SC-7(9): Restrict threatening outgoing traffic
  • SC-7(10): Prevent exfiltration
  • SC-30: Concealment and misdirection
  • SC-26: Decoys
  • SI-4(1): Systemwide intrusion detection
  • SI-4(5): System generated alerts
  • SR-3: Supply chain controls and processes
  • SR-3(2): Limitation of harm

NERC Critical Infrastructure Protection Standards (NERC CIP)
  • CIP-003: Cyber Security Management Controls
  • CIP-005: Electronic Security Perimeter(s)
  • CIP-007: System Security Management
  • CIP-011: Cyber Security – Information Protection

Getting started is easy
A proof-of-concept (POC) clearly demonstrates measurable outcomes and benefits. We regularly support POCs in our efforts to demonstrate our commitment to keeping the brand promise of Deception360.