Labyrinth Deception Platform changes an attack surface providing adversaries with an illusion of real infrastructure vulnerabilities. Each part of the imitated environment reproduces the services and content of a real network segment. The solution is based on Points - smart imitation hosts that mimic special software services, content, routers, devices, etc. Points detect all malicious activities inside a corporate network providing comprehensive coverage of all the possible attack vectors.
Seeder Agents work on servers and workstations imitating attractive artifacts. Triggered by intruders, the agent directs them to Points.
Worker node is a host for all Points in Labyrinth. It works in multiples VLAN simultaneously.
Points mimic the content and services that are relevant to their environment segments and keep an attacker inside Labyrinth until all the necessary information is gathered.
All the collected information goes to Management Console for analysis. The Console sends necessary data to Incident Response Platform.
IR checks metadata with external databases and accelerates incident response through 3rd party integrations that automate isolation, blocking, and threat hunting.
Labyrinth provokes the attacker for actions and detects suspicious activities. While an attacker proceeds through the fake aim infrastructure, the Platform captures all the hostile’s details. The security team receives information about threat sources, the tools that were used, and about exploited vulnerabilities and the attacker’s behavior.