MAZERUNNER - Cymmetria Cyber Deception
Detect Lateral Movement | Hunt Attackers | Automate IR
What Is Cyber Deception?
Cyber deception leverages the fact that attackers always follow a predictable attack pattern: reconnaissance, lateral movement, and exploitation. When attackers use tools like Responder.py (for Pass-the-Hash attacks) while targeting sensitive business processes and assets (e.g., SWIFT), deception technology creates a controlled path for them to follow. Attackers are diverted from organizational assets and into controlled environments, giving defenders the upper hand in detection, investigation, and mitigation.
How MazeRunner Works
MazeRunner gives organizations a solution for creating effective deception stories. Deception stories, which are composed of breadcrumbs and decoys, lead attackers to believe that they have successfully gained access to a target machine. Breadcrumbs are data elements (such as credentials) that lead attackers to decoys. Decoys are machines that run live services; when they are attacked, MazeRunner raises an alert and gathers forensic data.
- Git – Source-code management for Linux decoys
- MySQL – Database service for Linux decoys
- Network Monitor – Monitors for unrecognized machines in the network. For Windows and Linux decoys. *See expanded definition, below.
- OpenVPN – Virtual private network (VPN) service for Linux decoys
- RDP – Remote Desktop service for Windows decoys
- Responder – This service can, in addition to connecting to the network breadcrumb, monitor for attackers performing NBNS spoofing and Responder usage directly from the decoy. The username, domain, and password will be fed to the attacker from the decoy. Activating MazeRunner’s Pass-the-Hash Monitor (ActiveSOC > Pass-the-Hash Monitor) allows raising alerts when stolen credentials are used in the network.
- SMB – Creates a shared folder on the decoy. For Windows and Linux decoys.
- SSH – Remote shell service for Linux decoys
- Web application – Allows running a custom, user-controlled website, or a built-in HTTP server with a pre-set web application such as MediaWiki, SugarCRM, or phpMyAdmin. For Linux decoys.
MazeRunner integrates into the organization as follows:
- On endpoints – Breadcrumbs are generated as scripts to be placed on Linux and Windows machines
- On the organization’s network – Decoys become part of the network; they can be placed on any VLAN or in the cloud
- With existing security tools – SIEM, syslog, threat intelligence, IDS, and more. For example, MazeRunner can feed information into a sandbox to automatically process malware samples, it can be integrated with threat intelligence solutions, it can be used for IP reputation, and network traffic captured by MazeRunner can be fed into IPS solutions.
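The breadcrumb idea described above can be illustrated with a short added example, which is not MazeRunner's own code or log format: because breadcrumb credentials have no legitimate use, any authentication event that carries one is a high-confidence alert, whether it lands on a decoy or on a real host. The account names, host names, addresses and the key=value event layout are all constructed for this sketch.

```python
# Constructed breadcrumb inventory: (DOMAIN, user) -> endpoint where it was planted.
BREADCRUMBS = {
    ("CORP", "svc_backup"): "ws-finance-07",
    ("CORP", "swift_ops"): "ws-treasury-02",
}
DECOYS = {"10.20.0.50", "10.20.0.51"}  # constructed decoy addresses

# Constructed sample authentication events (hypothetical key=value layout).
SAMPLE_LOG = """\
ts=2024-05-01T09:12:03Z src=10.1.4.22 dst=10.1.9.10 domain=CORP user=jsmith result=success
ts=2024-05-01T09:14:41Z src=10.1.4.87 dst=10.20.0.50 domain=CORP user=svc_backup result=success
ts=2024-05-01T09:15:02Z src=10.1.4.87 dst=10.1.9.10 domain=corp user=SWIFT_OPS result=failure
ts=2024-05-01T09:15:30Z src=10.1.4.22 dst=10.1.9.11 domain=CORP user=jsmith result=failure
malformed line without fields
"""

REQUIRED = {"ts", "src", "dst", "domain", "user"}

def parse_event(line):
    """Return the key=value fields of one event, or None if it is incomplete."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    return fields if REQUIRED <= fields.keys() else None

def find_breadcrumb_use(log_text):
    """Alert on every event that uses a breadcrumb credential, success or failure."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue  # skip malformed lines instead of crashing the monitor
        # Account names are case-insensitive, so normalise before the lookup.
        key = (ev["domain"].upper(), ev["user"].lower())
        if key not in BREADCRUMBS:
            continue
        alerts.append({
            "ts": ev["ts"],
            "attacker_src": ev["src"],          # host the credential was used from
            "target": ev["dst"],
            "hit_decoy": ev["dst"] in DECOYS,   # False: credential tried on a real asset
            "planted_on": BREADCRUMBS[key],     # endpoint that was likely compromised
            "credential": f"{key[0]}\\{key[1]}",
        })
    return alerts

if __name__ == "__main__":
    for alert in find_breadcrumb_use(SAMPLE_LOG):
        print(alert)
```

The `planted_on` field is what makes the alert actionable: it points responders at the endpoint the breadcrumb was harvested from, not only at the address the credential was used from.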
eSec Forte Technologies is a CMMi Level 3 | ISO 9001:2008 | ISO 27001-2013 certified Cyber Security and IT Services Company, with headquarters in Gurugram, Mumbai, Bangalore, Delhi & Durgapur – India. We are a Value Added Partner of MazeRunner Cymmetria – Cyber Deception Solution.
Buy Cymmetria Cyber Deception
eSec Forte Technologies is a CMMi Level 3 | ISO 9001:2008 | ISO 27001-2013 certified Cyber Security Audit Company and IT Services Company with service offerings in Information Security such as VAPT Services, Penetration Testing Services, and Vulnerability Assessment Services. Amongst our clients we proudly count Government Organizations, Fortune 1000 Companies and several emerging companies. We are also Value Added Partners of Cymmetria Cyber Deception.
We are headquartered in Gurugram, Mumbai, Delhi, Bangalore & Durgapur – India. Contact our sales team at +91 124-4264666, or drop us an email at email@example.com, for implementation of Cymmetria Cyber Deception at your enterprise.