Periodic Reporting for period 2 - COUNTERCRAFT (Intelligence campaigns in the digital realms)
Reporting period: 2018-09-01 to 2019-08-31
The introduction to the market of CounterCraft’s tool will lead to the achievement of the following SPECIFIC OBJECTIVES:
• To integrate the product with customers’ security strategies by developing a comprehensive set of procedures to identify the suitable response action to each potential event identified for each vertical and to allow the integration of the product with existing security technology by developing a software module which allow the exchange of information with other security products
• To permit the integration of the product with existing security technology being capable of interacting with other security software enhancing the overall performance of the security system.
• To allow the adaptation of mobile devices and alternative operating systems, the delusion will be based in any type of equipment creating a more plausible deception.
• To increase the effectiveness of the product by including advanced features regarding response, coverage and plausibility.
• To provide to the customer legal assurance regarding the actions which can be carried in different countries.
COUNTERCRAFT designs and builds counterintelligence campaigns to protect key data and infrastructure. It provides a wide range of deployable assets to create personalised deception campaigns where customers can deploy them easily with only one button. They can also monitor and manage incidents in real-time when adversaries have penetrated at organisation’s defences, allowing them to react to threats when they have been detected with automated and manual responses. Customers can run Deception Operations to manipulate adversaries’ path through the kill chain and redirect then away from valuable information and assets.
Thanks to this project COUNTERCRAFT has several features that correspond with the user benefits comparing the tool with other approaches:
• Active defence: identifying the attackers and their intentions, looking for human mistakes and counter attacking to the attacker.
• Plausibility: creating content which seems to have been generated by humans and closely modelled on the content available on other “real” systems in the organisation or real machines using to deploy decoys and breadcrumbs to monitor the attackers without their knowledge.
• Coverage: leaving breadcrumbs all over the system pointing to decoy servers, which increase the detection rate of attackers.
• Interoperability: integrating the tool via API and SDK enhancing existing systems via API exports.
• WP1: During this WP the adaptation of the tool to be able to connect and communicate with other security software has been developped. In addition a set of procedures to ease the decision making of the security operator has been defined.
• WP2: The adaptation of major versions of Windows and Linux was already implemented during the first year and this second year the company ha sbeen working in the adaptation to other mobile Operating Systems. Obtaining the expected results for the most important, Android and iOS.
• WP3: The tasks dcarried out during this WP has been oriented to develop the advanced features of the product to have it rady for its commercialization. There has been new advanced features in the response, regarding the coverage and plausibility and regarding legal assurance so COUNTERCRAFT complies with the General Data Protection Regulation (GDPR) legislation inside and outside Europe. All the tasks has been finished correctly obtained the last version of the product.
• WP4: In this sense, CounterCraft has engaged 6 stakeholders in different vertical sectors (industry, energy, goverment, military, gaming and transportation) to validate the tool. The results of these pilots has been detailed explain in the deliverables D4.3 and D4.4.
• WP5: Commercialization and diffusion activities have had a great impact for COUNTERCRAFT. Different workshops, trade fairs, conferences and trips to visit potential partners and customers have been during the project achieving a grat repercussion. Furthermore, the Business Plan has been defined and updated during the project
• WP6:The management activities has been carried out as foreseen ensuring a good management and coordination of the projects and its activities. The communication and collaboration with the European Comission has always been easy and the progress of the project has been monitorized all time.
Currently companies can no longer afford to concentrate all of their resources on firewalls and first line of defence systems. They also need to incorporate “internally focused” solutions such as deception technologies to help identify a criminal while in attack mode. Deception technologies are markedly different from traditional cyber security appliance and architectural solutions, taking a proactive stance and trying to catch cybercriminals in the act. This new situation sets the ground for an important business opportunity from which COUNTERCRAFT expects to take advantage thanks to its novel tool COUNTERCRAFT.
The scope of this project is focused on early detection of cyber attacks by a disruptive approach automatically creating, managing and updating decoys, using a vast list of assets which can not be detected by attackers. More over, the solution goals are oriented to support adversary blocking, study and manipulation features, being possible to deploy in local or cloud facilities easily, thanks to the integration with other security applications of the customers base on algorithms associated to the creation of indicators of compromise.
On balance, COUNTERCRAFT is a new cyber deception tool opened to hugely different target markets, where budgets dedicated to security are increasing vastly fast. In a first step, COUNTERCRAFT has focused in the following markets to expand their tool:
• Banking
• Financial Services and Insurance (BSFI)
• Retail
• IT & Telecom
• Critical Infrastructures (Energy & Transport)
• Others (Government Enterprises, Healthcare and Manufacturing Sector)
To conclude and in order to explain the innovation level offered by COUNTERCRAFT, it is important to analyse the main features of the tool, that basically are:
• Active Defence
• Plausibility
• Coverage
• Interoperability
Currently, the best solution to reduce the impact of cyber-attacks on organisation systems and the best way to know the intentions of their attackers is COUNTERCRAFT solutions. It represents a new layer in the cyber defence based in deception thanks to the Counterintelligence campaigns that allow obstruct the actions of the attackers obtaining the maximum amount of information from them.