Cyber Deception platform

Description

Labyrinth creates the illusion of a real infrastructure vulnerability for an attacker. The solution is based on Points, a smart host simulation. Each part of the simulation environment reproduces the services and content of an actual network segment. The system consists of four components that interact with each other. The main components of the Platform are:

• Admin VM is the main component. All collected information is sent to it for analysis. The console notifies the security team and sends the necessary data to third-party systems.

• Worker - a host/virtual machine for deploying a set of Labyrinth network decoys (Points) on it. It can work in several VLANs simultaneously. Several Worker hosts can be connected to the same management console simultaneously. 

• Points are intelligent hosts that mimic software services, content, routers, devices, etc. Points detect all malicious activities within the corporate network, providing complete coverage of all possible attack vectors. 

• Seeder agents deployed on servers and workstations imitate the most attractive file artifacts for an attacker. By creating various decoy files, the agent directs attackers to network decoys (Points) through their contents. 

The Platform automatically deploys points (decoys) in the IT/OT network based on information about services and devices in the network environment. In addition, decoys can be deployed manually, providing users with a powerful tool to develop their unique deception platform based on their specific needs and best practices. The Labyrinth provokes an attacker to act and detects suspicious activity. As the attacker passes through the fake target infrastructure, the Platform captures all the details of the enemy. The security team receives information about the sources of threats, the tools used, the vulnerabilities exploited, and the attacker's behavior. At the same time, the entire real infrastructure continues to operate without any negative impact.

KEY CHARACTERISTICS:

• Multiple types of decoys for IT/OT environments.

• Easy to deploy and maintain.

• No alert fatigues.

• Fully virtualised (Microsoft Hyper-V, VMWare, KVM).

• MSSP/SOC services ready with the multi-tenancy support.

• Fair licensing scheme.

• The 3^rd party integrations: Splunk, IBM QRadar, CrowdStrike, Fortinet and more,

Gartner Peer Insights: click here

Additional resources: click here 

Let us know if you have any additional questions: info@labyrinth.tech

Thank you!

Labyrinth Team.