IDENTIFY INTERNAL ATTACKERS
It takes companies an average of 147 days to detect a malicious hacker who has breached their perimeter and is actively attacking internal systems*.
ThreatBox helps you identify internal threat actors fast.
ThreatBox looks, acts and feels like a real IoT device or web-service in your environment. When attackers are performing reconnaissance or finding targets, ThreatBox will alert you to their actions and lateral movement.
When an attacker actually tries to attack a system that is a ThreatBox, ThreatBox allows it, holding the attacker while alerting you.
You can also deploy our ThreatBox plugins to existing websites in your company to further enhance detection of internal adversaries and lateral movement.
HOW IT WORKS
Adversaries in your network have one goal - attack and gain access to lucrative systems. These systems can be medical devices, CCTV, transaction/banking systems, PLC/SCADA devices and more.
In 2015, we set out with an idea to help detect these kinds of attacks: create systems so real, and so distinctly bespoke, that attackers will hack them, not realising that the underlying architecture is designed to detect and alert on their covert activities and movement.
Monitor your alerts and get more information on attacks via the dashboard. You also get emailed when a ThreatBox detects malicious activity against it.
Got your own security monitoring? ThreatBox can output alerts in many formats, including Syslog, with support for Splunk, AlienVault and others.
Can Hackers Detect ThreatBox?
ThreatBox configures itself to be very hard to detect by attackers. It employs various means of hiding its true identity.
Does ThreatBox use Machine Learning? How does it compare with AI-based detection?
If it can learn, it can learn wrong. ThreatBox is built to be deceptive and identify real threats. We do not rely on machine learning or "pattern learning" that can be fooled by attacks disguised as legitimate traffic. ThreatBox detects all attacks.
Is ThreatBox a Honeypot?
Honeypots also fall under the deceptive technology realm in cyber security. ThreatBox is in the same category but is not a honeypot as we know them to be. Further, since honeypots already exist for SSH, Mail (SMTP), File Shares (SMB), FTP etc., ThreatBox operates on a different level: bespoke IoT devices and web applications.
Is ThreatBox secure?
Since ThreatBox is only a deceptive detection platform, it does not have sensitive data even if an attacker could gain access to the underlying system. On a hardware level, we have independently assessed the hardware to ensure the platform is secure and is not introducing supplier-injected risks on a chip/system level.
But We Already Have a SIEM/Firewall/IPS/IDS etc.
ThreatBox is not designed to replace these technologies; it complements them. Most companies that have experienced an external breach with an attacker active on their internal network had firewalls, IPSs, etc. This means someone, somehow, breached those systems. ThreatBox is there to find those attackers.
ThreatBox can output its alert data to all major Security Monitoring & Event Management Systems.