Personalized threat intelligence

Typically, data is collected by someone else’s honeypot, is about threats that target them (not you), and is often out of context. With deception, attackers think they are successful, while MazeRunner collects valuable information that is in context, local to you, and highly enriched. This can include showing the originating source, attacked service, credentials used, commands run, malware downloaded, and a video replay of what an attacker did, all localized to you and in context.

From an attacker’s perspective, they are attacking your network. In reality, they are attacking a MazeRunner decoy running on AWS, and all traffic is forwarded from your IP to the decoy using a GRE tunnel. An attacker thinks they were successful, but is nowhere near your network, while you collect valuable information about their TTPs.

Share this:


Detecting lateral movement

September 26, 2017

Incident response

September 26, 2017

Advanced sandbox environments

September 26, 2017