Xello, the first developer of a Russian platform for preventing targeted attacks with the help of deception technology, has signed an agreement with TenIT, a Belarus-based distributor. The company contributes substantially to promoting the Xello Deception platform in the Republic of Belarus.
Xello Deception helps to identify complex threats without using any attack-related prior knowledge (signatures, heuristics, indicators of compromise or attacks). The platform creates a layer of false assets (services, accounts, configuration files, databases, industrial and network devices) throughout the company’s network, which makes it possible to detect malicious activity even at the most critical stage – lateral movement.
Issues to Solve:
Targeted Attack (APT) Prevention
With well-distributed honeypots (on user hosts, in LDAP and DNS zones) and traps throughout the company’s network, Xello Deception detects an attacker’s illegitimate actions when the attacker interacts with them.
SOC (Security Operation Center) Efficiency Improvement
Xello Deception reduces the number of false positives by adding a highly trusted indicator of compromise of information assets to event correlation. Events from the platform are always a high priority for experts.
Security Incident Response Process Acceleration
Because honeypots and traps are invisible to authorized users and focused exclusively on an attacker, Xello Deception detects only real security incidents. When an attacker interacts with them, a notification is created that is highly likely to be considered a security incident rather than a false positive.
Security Incident Handling Time Reduction
When an incident takes place, collecting and storing forensics in the Xello Deception platform helps to correlate disparate events, for example, how a particular file is associated with the control server.
Key Benefits
– Adaptive honeypot generation based on the analysis of the company’s existing information assets
– Largest set of different types of honeypots (over 30) and highly interactive traps (over 25) on the market
– No excess load on the enterprise infrastructure: agentless distribution method
– Support for all possible honeypot distribution options using remotely executed files: PsExec, PaExec, WMI/RPC, WinRM for Windows, as well as SSH and sh scripts for Linux and Mac (distribution via group policies, a third-party agent, a remote device management tool, or System Center Configuration Manager is also available)
– Remote Desktop Infrastructure (VDI) Security
– Unified management console: timeline display of all incidents, flexible integration with the infrastructure from the web interface, and other features
– Operating system support: Windows, Linux, macOS
– Public API


