Vendor: PacketViper, LLC
What it does: PacketViper Deception 360 uses agentless deception artifacts to prevent, detect, and respond to threats automatically to reduce dwell time and maximize response efficiency.
What we liked: This is an easy-to-use, lightweight, and agentless deception product capable of existing in and among the most sensitive tools and environments.
Security pros will find PacketViper Deception 360 to be an IT and OT product that uses agentless deception artifacts to prevent, detect, and respond to threats automatically, reducing dwell time and maximizing response efficiency. The decoys create the illusion of a moving target, making it harder for attackers to assess a network and mount an attack.
The team at PacketViper believes that next-generation deception technology should do more than just provide information. It should do something. Therefore, the product starts working earlier in the kill chain and offers threat response without complex orchestrations. PacketViper Deception 360 also has the ability to integrate with existing security investments, rendering it compatible with both new technology and legacy systems and adding value to all organizations.
Deploying deception early and often in the attack cycle and internally and externally throughout an environment reduces the number of threats that breach a network. External deception gets deployed physically or virtually outside of the firewall and presents a false front that blocks an attacker’s initial scan. It then alters its appearance and presents a different setup in the event the adversary attempts to rescan it. This moving target defense makes the network difficult for an attacker to visualize. External deception gives security teams more visibility and control over the network and offers the tools necessary for external threat hunting.
Security teams may also deploy an internal deception inline to prevent data exfiltration and lateral collateral damage. Should an attacker attempt to exfiltrate data, PacketViper triggers immediate alerts, locks the metaphorical gates so that the offending IP cannot leave, and prevents all command and control communications. Because of its ability to detect and respond to threats simultaneously, this platform greatly reduces response dwell time.
The customizable dashboard contains a lot of valuable information, including deception system performance and top deception activity. Analysts may build deception campaigns using business intelligence or by isolating and focusing on a particular segment of the network, geographic area, or vendor. The developers aim to maximize detection efficiency and bring threat hunters the right information at the right time. Threat hunters may use Advanced Analytics, a threat hunting tool that enhances the results from deception campaigns with rich, contextual information. There are numerous filtering options available so analysts may quickly focus on any correlations or relevant activity logs and then take effective action.
Overall, security pros will find PacketViper Deception 360 a multi-purpose deception tool that stays true to its name, providing full deception coverage from north to south and east to west. This product does not require the assistance of another tool, SIEM, or next-generation endpoint to accomplish its goals, and firewall and SIEM utilization naturally decrease as a result of the fine-tuning it offers, yielding a greater ROI. However, there are integrations available for these products if analysts choose to utilize them. PacketViper is an easy-to-use, lightweight, and agentless deception product capable of existing in and among the most sensitive tools and environments, including healthcare solutions and SCADA systems, so that all organizations may use it with confidence.
Pricing runs $20,000 for an annual subscription and includes basic, no-cost support. The company offers hardware free of charge to customers.