TEHTRIS DR
Deceptive Response

TEHTRIS DECEPTIVE RESPONSE y sus honeypots simulan máquinas y servicios falsos para engañar a los intrusos.

Un sistema de alarma preventivo y eficaz en tiempo real.

TEHTRIS Deceptive Response proporciona un sistema eficaz de alerta en tiempo real que se adelanta a los intrusos y brinda una visión complementaria a la seguridad de sus sistemas e infraestructuras. Al añadir recursos falsos a su red, estos sensores atraen a los atacantes y le proporcionan informes y paneles de eventos.

Revelar la presencia de un actor malicioso

A diferencia de los productos que tienen que barajar miles de millones de datos con el riesgo de generar falsas alarmas, TEHTRIS Deceptive Response sólo se solicitará cuando se esté interactuando con él. Por lo general, nadie debe jugar o atacar a estas máquinas falsas que no están oficialmente presentes en la red con fines de producción.

Una dificultad adicional para los hackers

Cuando un hacker tiene como objetivo una red asegurada por TEHTRIS Deceptive Response, puede caer en las máquinas falsas (señuelos), activando una alarma. El hacker no puede equivocarse, lo que complicará sus sesiones de exploración interna y sus movimientos laterales.

¿Por qué TEHTRIS Deceptive Response?

ESCALABLE A NIVEL DE RED

A nivel de red, TEHTRIS Deceptive Response puede cubrir todas las VLAN de una zona de red sin necesidad de desplegar manualmente un dispositivo falso en cada VLAN.

INTEGRACIÓN SIN RIESGOS

TEHTRIS Deceptive Response no modifica los sistemas en producción. Simplemente añade máquinas falsas, sin interrumpir los elementos existentes.

MAYOR POTENCIA

TEHTRIS Deceptive Response incluye una flota de honeypots integrada de forma nativa en la TEHTRIS XDR Platform con herramientas SOAR, CTI, Hunting, Compliance, Gestión de Incidentes, etc.

SEGURIDAD

TEHTRIS Deceptive Response se ejecuta en dispositivos que utilizan la distribución TEHTRIX con encriptación total del disco, con mecanismos de protección avanzados como RBAC en el kernel y protecciones anti-0-day.

SIMPLICIDAD

TEHTRIS Deceptive Response simplifica enormemente la complejidad de los proyectos de honeypot, en un modo operado, con TEHTRIS proporcionando el despliegue y el mantenimiento.

LEGITIMACIÓN

El cofundador de TEHTRIS lleva más de 20 años creando honeypots. Ha sido invitado por ejércitos y servicios de inteligencia de todo el mundo para hablar de sus estudios relacionados con los contraataques o las respuestas a incidentes dinámicas y proporcionales.

Perfectamente integrado en la TEHTRIS XDR Platform

Cuando se trata de ciberseguridad, orquestar eventos y reaccionar a las amenazas de forma eficaz y rápida es un reto fundamental. Una de las mejores maneras de hacerlo es con una automatización e inteligencia artificial potente. Esto es lo que ofrece TEHTRIS con su SOAR integrado en la TEHTRIS XDR Platform.

¡Descubra cómo creamos la híper automatización!

Cumplimiento de MITRE ATT&CK

MITRE ATT&CK es una base de conocimientos que modela el comportamiento de un ciberatacante, que refleja las diferentes fases del ciclo de vida del ataque según las plataformas: Windows, Mac, Linux, móvil, etc.

Descubra la compatibilidad de TEHTRIS XDR Platform con MITRE ATT&CK

≤ 1

día para desplegar TEHTRIS Deceptive Response

+ 500 M

alertas importantes cada mes

+ 1 G

de interacciones supervisadas anualmente en todo el mundo por los honeypots de TEHTRIS

Preserve la soberanía e integridad de sus datos

Desde 2010, TEHTRIS innova y enriquece su solución de ciberdefensa, a través de los diferentes módulos de la TEHTRIS XDR Platform.

¡Elija el líder europeo en ciberseguridad!

FAQ

What features does TEHTRIS Deceptive Response offer?

TEHTRIS Deceptive Response covers all network layers from Level 3 to Level 7, providing the ability for attackers to interact remotely, using fake machines. We thus offer network level (IP+ICMP, TCP, UDP) and application level fake layers to simulate SSH access, Web, Windows services and so on.

How is TEHTRIS Deceptive Response deployed?

TEHTRIS Deceptive Response is very simple to deploy, by setting up each virtual appliance dedicated to your business, at the heart of your infrastructure. A simple boot of our installation ISO, and 4 basic answers later, you get your own honeypots that are installed on your network, with the knowledge that the whole service is remotely operated by TEHTRIS in SaaS mode.

What is a honeypot and why should I deploy one?

A computer decoy is a system capable of making an attacker believe that he is interacting with a real machine, a real service, a real file, etc., in your company. There are many decoys out there, but some are not very effective, because they have become familiar to hackers. By deploying TEHTRIS Deceptive Response, you create value in many different ways. Hackers will waste time on decoys instead of attacking your real machines giving you the opportunity to be better prepared during these crises. Furthermore, they will be detected in the early stages of an attack while they are still mapping out your networks. Finally, you will have the opportunity to understand their operational methodologies in order to better protect your real networks.

What are the interaction levels of the decoys proposed in TEHTRIS Deceptive Response?

We offer several levels of interaction while maximizing our goal of saving time and gathering information from attackers. SOC teams are already struggling to try to follow the logs of real devices. So, without falling into the issues related to high interaction that would cost too much time for humans, far from the real production, we decided to create a tactical system, very field-oriented, combining weak interactions or beyond, to be informed during the upstream phase of an attack.

Where should TEHTRIS Deceptive Response probes be placed?

We think it’s best to deploy decoys inside the network, in very sensitive areas for example, such as your data centers and critical factories. We have customers who have deployed TEHTRIS Deceptive Response on network areas where there is virtually no interaction, such as a fairly closed DMZ. So, the day a hacker enters an exposed website, he will quickly be detected by starting an in-depth exploration phase to escape that DMZ, by visiting neighboring machines. We have customers who have deployed TEHTRIS Deceptive Response on networks that are completely open to internal users, because they wanted to gain certainty about specific at-risk staff (temporary subcontractors particularly interested in crafting discovery packets). Finally, we have customers who have managed to detect attacks via external Wi-Fi for guests, because TEHTRIS Deceptive Response was solicited in a very particular way by visitors pretending to be friendly, who had no idea that an anti-spying honeypot was waiting for them on these floors.

What actions are monitored by TEHTRIS Deceptive Response?

We see every single network packet that comes into the honeypots and we have the ability to quickly understand if it is a false positive or not. Indeed, many people believe in the myth of honeypots, but the reality is that these tools also generate a lot of alerts and we need to understand what is normal and what is not. We therefore monitor several services in particular, such as SSH, Windows, and the Web.

How can we read the actions performed by intruders with TEHTRIS Deceptive Response?

All actions are fed back into the TEHTRIS XDR Platform to which the honeypots are connected. This allows you to benefit from all the other security bricks, such as hunting, CTI, audits, etc. For example, a SOC analyst can quickly see an aggressive IP, doing an “Nmap” scan on a honeypot, and check if the internal IP address is known or go investigate with TEHTRIS EDR on it.

What are the alerts raised by TEHTRIS Deceptive Response?

We have all TCP/IP interactions that are notified, as well as high interactions with specific decoys like SSH, Web or even Windows parts. For some interactions, TEHTRIS Deceptive Response users particularly appreciate being able to watch the hacker on video. For SSH, you can follow all typed commands step by step to understand the level, motivations, goals, and tools used. This gives us a rather original and unique way to track hackers.

How does the inventory service work?

As TEHTRIS Deceptive Response is deployed on a sensitive area, we listen to the available local flows, beyond the Unicast flows that we receive, and we build a vision of the neighboring machines in CMDB mode. This is not the main function of TEHTRIS Deceptive Response, but it is very useful for us to know where a laptop was connected for the first time, in which factory, on which VLAN, and above all for what purpose.

Gartner Market Guide for Extended Detection and Response, Craig Lawson, Peter Firstbrook, Paul Webber, 8 November 2021
TEHTRIS recognized as a Representative Vendor in the 2021 Market Guide for Extended Detection and Response.
Craig Lawson, Peter Firstbrook, Paul Webber, 8 November 2021

Gartner Innovation Insight for Unified Endpoint Security, Rob Smith, Dionisio Zumerle, 12th November 2020,
Gartner Market Guide for Mobile Threat Defense, Dionisio Zumerle, Rob Smith, 29th March 2021,
Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates.

TEHTRIS DR
Deceptive Response

Un sistema de alarma preventivo y eficaz en tiempo real.

Revelar la presencia de un actor malicioso

Una dificultad adicional para los hackers