Implementation consists of the following stages:
- Discussion of threat modeling
- Identification of significant assets in the organization that need protection. They are classified according to their importance and value.
- Profile analysis of potential attackers. Objectives, resources, motivations, technical skills and available tools are taken into account.
- Attack surface survey. Review of weaknesses and potential vulnerabilities.
- Create attack scenarios in the form of traps and decoys
- The scenario is valuable from the attacker’s point of view and could lead to a critical security breach.
- The bait is easy for an attacker to find using post-exploitation tools.
- The trap must not turn out to be a false resource too soon to give attackers time to concentrate on it.
- Prepare the runtime environment in the customer environment.
- Installation Honeypot platform and placing the created traps in the client environment.
- Configuration of notifications with the help of additional communication channels Mail, SMS, Syslog (SIEM) in the client environment.
- Develop scripts to automate the creation of decoys on workstations and servers in a client environment.
We also offer deployment in the CyberDeception as a Service model, where the platform and traps are maintained in the TrapTech cloud. Then the work in the customer environment is limited to the last point only.