IDENTIFY INTERNAL ATTACKERS

It takes companies an average of 147 days to detect a malicious hacker who has breached their perimeter and is actively attacking internal systems*.

ThreatBox helps you identify internal threat actors fast.

ThreatBox looks, acts and feels like a real IoT device or web service in your environment. When attackers are performing reconnaissance or finding targets, ThreatBox will alert you.

When an attacker actually tries to attack a system that is a ThreatBox, it allows the attack, holding the attacker while alerting you.

You can also deploy our ThreatBox plugins to existing websites in your company to further enhance detection of internal adversaries and lateral movement.

HOW IT WORKS

Adversaries in your network have one goal: to attack and gain access to lucrative systems. These systems can be medical devices, CCTV, transaction/banking systems, PLC/SCADA devices and more.

In 2015, we set out with an idea to help detect these kinds of attacks: create systems so real, and so distinctly bespoke, that attackers will hack them, not realising that the underlying architecture is designed to detect and alert on their covert activities and movement.

FAQ

ThreatBox configures itself to be very hard to detect by attackers. It employs various means of hiding its true identity.

Nothing. It never contains your production or critical information.

Honeypots also fall under the deceptive technology realm in cyber security. ThreatBox is in the same category but is not a honeypot as we know them to be. Further, because honeypots already exist for SSH, Mail (SMTP), File Shares (SMB), FTP etc., ThreatBox operates on a different level: bespoke IoT devices and web applications.

Since ThreatBox is only a deceptive detection platform, it does not have sensitive data even if an attacker could gain access to the underlying system. On a hardware level, we have independently assessed the hardware to ensure the platform is secure and is not introducing supplier-injected risks on a chip/system level.

ThreatBox is not designed to replace these technologies; it complements them. Most companies that have experienced an external breach with an attacker active on their internal network had firewalls, IPSs etc., which means someone, somehow, breached those systems. ThreatBox is there to find those attackers. ThreatBox can output its alert data to all major Security Monitoring & Event Management Systems.