[SERVICES]
Deception OS
Lure attackers into a decoy environment to not only halt intrusion and attacks, but also capture logs of attack behavior. Analysis is then conducted based on these logs to identify attack techniques and intrusion paths.
Mechanism
Lure attackers into a decoy environment and fully analyze both them and their methods.
-
01
Set a decoy
Prepare a decoy environment that closely mirrors the real environment.
-
02
Lure them into the decoy environment with false clues
Scatter fake pathways across endpoints and histories, funneling the attacker’s movement into the decoy environment.
-
03
Analyze Logs
Identify attack techniques and intrusion paths based on logs from the lured attacker.
What you can gain
-
01
Early detection
High-precision detection of contact with the decoy enables response to begin before damage spreads. With minimal false positives, only genuinely dangerous indicators are captured.
-
02
Pre-damage disconnection
Attackers are stalled in the decoy environment rather than the real environment, which buys time. This enables a swift transition to isolation and neutralization.
-
03
Visualization of Tactics
Record all commands and paths in full, and tie them directly to rules and procedures for preventing recurrence.
This also provides strong support for audits and reporting.
ICE (Traceback)
Identify attacker source IPs and investigate behavioral patterns. Determine the tools and infrastructure (servers) used by attackers, and analyze attacker identities and the organizations behind them.
Mechanism
Embed files in the system that can detect the attacker’s location and other information, enabling identity tracking.
-
01
Identification of the attack source IP
By correlating firewall, EDR, and proxy logs, we pinpoint the source IP with high accuracy.
-
02
Behavioral Pattern Investigation
Reconstruct the recon-to-intrusion-to-lateral-movement timeline and extract behavioral signatures.
-
03
Identifying attacker tools and infrastructure, and analyzing the organizations behind them
Use destinations, hashes, and other IOCs to identify the tools and server infrastructure, then tier the likely operators behind the attacks.
-
04
Prevent data encryption by attackers
Detect the initiation of data encryption by attackers and terminate the process before encryption is completed.
What you can gain
-
01
Attacker Source Visualization
Enables chained blocking of the attack source IP, related domains, and surrounding infrastructure operated under the same setup.
-
02
Full Attack Picture Assessment
By understanding the timeline from reconnaissance → intrusion → lateral movement and the tools used, you can preemptively close off potential re-entry points.
-
03
Minimizing damage
Identify the attacker’s details and, by terminating the encryption process, minimize the impact of the attack.
Prometheus
After detecting and analyzing attackers, the AI automatically generates and executes counterattack scenarios.
While attempting to reclaim stolen data and privileges, it evolves its attack patterns through learning and uncovers previously unknown vulnerabilities.
Mechanism
After detecting and analyzing attackers, it executes AI-driven counterattacks.
-
01
Aggregating attack data and profiling the adversary
Integrate logs and location data obtained from Deception OS and ICE, and thoroughly analyze the attacker’s tactics, objectives, and underlying infrastructure.
-
02
Generating AI-driven counterattack scenarios
Based on the analysis results, the AI automatically designs counterattack patterns aimed at reclaiming assets and neutralizing the adversary.
-
03
Executing countermeasures and feeding back into defense
Execute countermeasures automatically or with approval in line with policy, and feed the results back into rules and detection logic to strengthen readiness for the next attack.
What you can gain
-
01
Recovery and neutralization of stolen assets
By invalidating leaked data and dismantling the attacker’s infrastructure, the tangible damage and overall impact can be kept to a minimum.
-
02
Raising the attacker’s cost and risk
Destroying their attack infrastructure and tools significantly reduces their willingness to launch repeat attacks against the same organization, acting as a strong deterrent.
-
03
Defense strengthened through real-world engagements
As real engagement data accumulates, defense scenarios and rules are continuously updated and tuned to your actual environment.