Overview

Critical Infrastructure (CI) provides essential services for public health and safety, commerce, and national security. While most threats to CI were physical and tangible, such as natural disasters and physical attacks, networking the Operational Technology (OT) that make up CI for management and operations has added digital and virtual threats that are much more difficult to defend against. Compounding this problem is the lack of OT-specific security solutions that put it at higher risk than Information Technology (IT) networks. The ThreatDefend platform offers deception capabilities to defend CI and OT networks against attacks targeting them.
The ThreatDefend ICS solution creates a deception environment composed of network decoys, deception credentials, fake applications, and false data to detect attackers early in the attack cycle as they attempt to conduct reconnaissance, steal credentials, and move laterally in both IT and OT networks. The platform deploys with little operational or management effort and provides a full fabric of deception that blankets the enterprise to detect in-network attackers, provides unparalleled visibility into suspicious or malicious activity, and collect intelligence to improve defenses.
The platform creates decoys that mirror production ICS/SCADA devices. These could be remote sensors, voltage regulators, fuel pumps, or SCADA clients and servers. These decoys deploy in the OT network to provide visibility and early detection of suspicious activity. Alerts do not trigger based on signatures or behavior but on confirmed attacker engagement with a decoy, from something as simple as a network scan to full interaction. The platform also creates deceptive credentials that appear as authentic CI credentials but point to the decoy environment to protect against attackers that steal them to move laterally. The comprehensive deception fabric uniquely protects CI from attackers who have bypassed perimeter defenses and alerts on their presences