
Xello Deception

Product
Developers: Xello
Last Release Date: 2023/09/28
Technology: Distributed Deception Platform (DDP)

Content

2023

Xello Deception 5.3

On September 28, 2023, Xello, the developer of the first Russian platform for protecting businesses from targeted attacks using cyber deception technology, presented an updated version of the Xello Deception product. The key changes in version 5.3 are: an updated architecture for flexible control of the false infrastructure layer at distributed sites, an updated module for hybrid emulation of false assets, the ability to receive authentication events from third-party systems, and detection of MITM attacks.


According to the company, Xello Deception detects targeted attacks using distributed decoys and traps that emulate various false data and information assets on the network in order to deceive an attacker. The updated version of the product allows geographically distributed sites to be connected to the system and the false infrastructure layer on them to be managed flexibly from a single management console. This architecture is called Xello Satellite, or Satellite servers (servers installed at distributed sites).

To ensure maximum coverage of all network segments with a false infrastructure, an updated Xello Decoy Traps hybrid emulation module has been implemented, which allows you to create false assets and data at the level of protocols, operating systems, services and devices.

A feature of the platform is the highly trusted indicators of compromise that arise when an attacker interacts with false assets. Xello Deception can send events to incident monitoring and management systems. With the updated Xello Trapless module, the reverse scenario is also possible: the platform receives decoy and trap events from external systems (Apache Kafka, RabbitMQ, SIEM, Windows Event Collector). This allows the solution to be used in non-domain infrastructures.
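The reverse scenario described above, in which the platform consumes authentication events from an external collector and matches them against its own decoys, can be illustrated with a small matcher. This is an added example, not Xello's code: the JSON event shape (Windows Security event fields as a collector might forward them), the decoy account names and the sample events are all constructed for the demo. The security point is that a decoy account has no legitimate user, so any logon attempt with it, successful or not, is a high-fidelity alert rather than background noise.

```python
"""Match forwarded authentication events against a list of decoy accounts.

Added illustrative example (not Xello's code). Event format, decoy names and
sample events are constructed assumptions for this demo.
"""
import json
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed decoy accounts: they exist only as bait and must never log in.
DECOY_ACCOUNTS = {"svc_backup_old", "adm-legacy", "sql_reporting"}

# Windows Security logon event IDs: 4624 = successful logon, 4625 = failed logon.
LOGON_EVENT_IDS = {4624, 4625}


@dataclass(frozen=True)
class Alert:
    account: str
    source_ip: str
    host: str
    outcome: str


def check_event(event: dict) -> Optional[Alert]:
    """Return an Alert if the event is a logon attempt with a decoy account."""
    if event.get("EventID") not in LOGON_EVENT_IDS:
        return None
    # Account names are case-insensitive in Windows, so normalise before matching.
    account = str(event.get("TargetUserName", "")).lower()
    if account not in DECOY_ACCOUNTS:
        return None
    outcome = "success" if event["EventID"] == 4624 else "failure"
    return Alert(
        account=account,
        source_ip=str(event.get("IpAddress", "-")),
        host=str(event.get("Computer", "-")),
        outcome=outcome,
    )


def scan(lines: Iterable[str]) -> List[Alert]:
    """Parse one JSON event per line (as a Kafka/WEC consumer might receive them)
    and collect alerts; malformed lines are skipped rather than crashing the consumer."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        alert = check_event(event)
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed sample feed: one normal logon, one failed and one successful
# decoy logon, one non-logon event and one malformed line.
SAMPLE_EVENTS = [
    '{"EventID": 4624, "TargetUserName": "j.smith", "IpAddress": "10.0.1.15", "Computer": "WS-015"}',
    '{"EventID": 4625, "TargetUserName": "svc_backup_old", "IpAddress": "10.0.5.23", "Computer": "FS-01"}',
    '{"EventID": 4624, "TargetUserName": "ADM-Legacy", "IpAddress": "10.0.5.23", "Computer": "DC-01"}',
    '{"EventID": 4672, "SubjectUserName": "svc_backup_old", "Computer": "FS-01"}',
    'not json at all',
]


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"DECOY LOGON {alert.outcome}: {alert.account} from {alert.source_ip} on {alert.host}")
```

In a real deployment the consumer would read from the broker or collector the page lists and forward each Alert to the SIEM or IRP; the matching logic itself stays this simple because the decoy list is the only ground truth needed.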

"As of September 2023, in the conditions of import substitution, customers use various infrastructure management tools and business information security systems. Therefore, we make our platform vendor-independent for seamless integration with third-party systems and solutions, as well as adaptive to various infrastructures. Together with developing the "classic" set of cyber deception functionality (traps and decoys), we develop adjacent directions. For example, we brought Xello Identity Protection (formerly Credential Defender) into a separate module, which allows you to reduce the attack surface by removing various artifacts of users' work on endpoints," said Alexey Makarov, CTO of Xello.

Xello Deception 5.3 also detects Man-in-the-Middle (MITM) attacks. A dedicated module detects, in real time, malicious activity associated with the LLMNR, mDNS and NBT-NS protocols (multicast protocols for resolving local names). During an attack, the attacker impersonates an authoritative source for name resolution, answering LLMNR, mDNS or NBT-NS traffic and redirecting the victim to a fake resource in order to compromise a legitimate account.
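One defender-side way to detect the spoofing described above is a canary query: a host resolves a name that is deliberately not registered anywhere, so any LLMNR reply that resolves it can only come from a spoofer. The example below is added here to illustrate that approach; it is not Xello's code and the page does not state which detection method the Xello module uses, so treat the canary technique as an assumption. The parser reads the DNS-style message format that LLMNR uses (header, question, answer, with RFC 1035 name compression); the canary names, the packet builder and the sample packets are constructed for the demo.

```python
"""Canary-name detection of LLMNR responders.

Added illustrative example, not Xello's code. The canary names and the
packets are constructed; the message layout follows the DNS-style format
used by LLMNR (RFC 4795), including compression pointers.
"""
import struct
from typing import List, Optional, Tuple

# Constructed canary names: never registered on the network, so nobody should answer for them.
CANARY_NAMES = {"fileserver-backup", "wpad-test"}


def _read_name(data: bytes, offset: int) -> Tuple[str, int]:
    """Decode a DNS-style name at offset; return (name, offset just after it).
    Handles compression pointers (top two bits 11), which LLMNR reuses from DNS."""
    labels = []
    jumped = False
    end = offset
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:
            pointer = struct.unpack_from("!H", data, offset)[0] & 0x3FFF
            if not jumped:
                end = offset + 2  # a pointer ends the name in the current section
            jumped = True
            offset = pointer
            continue
        if length == 0:
            offset += 1
            break
        labels.append(data[offset + 1 : offset + 1 + length].decode("ascii"))
        offset += 1 + length
    if not jumped:
        end = offset
    return ".".join(labels), end


def parse_llmnr(data: bytes) -> dict:
    """Parse header, question and A-record answers of an LLMNR message."""
    tid, flags, qdcount, ancount, _ns, _ar = struct.unpack_from("!6H", data, 0)
    offset = 12
    questions = []
    for _ in range(qdcount):
        name, offset = _read_name(data, offset)
        qtype, _qclass = struct.unpack_from("!HH", data, offset)
        offset += 4
        questions.append((name, qtype))
    answers = []
    for _ in range(ancount):
        name, offset = _read_name(data, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", data, offset)
        offset += 10
        rdata = data[offset : offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:  # A record
            answers.append((name, ".".join(str(b) for b in rdata)))
    return {"id": tid, "is_response": bool(flags & 0x8000), "questions": questions, "answers": answers}


def detect_spoof(responder_ip: str, packet: bytes) -> Optional[dict]:
    """Flag a response that resolves a canary name: no legitimate host owns it."""
    msg = parse_llmnr(packet)
    if not msg["is_response"]:
        return None
    for name, resolved_ip in msg["answers"]:
        if name.lower() in CANARY_NAMES:
            return {"responder": responder_ip, "name": name, "resolved_to": resolved_ip}
    return None


def build_response(name: str, ip: str, tid: int = 0x1234, is_response: bool = True) -> bytes:
    """Constructed test packet: an LLMNR A-record reply for `name` pointing at `ip`."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    header = struct.pack("!6H", tid, 0x8000 if is_response else 0, 1, 1, 0, 0)
    question = qname + struct.pack("!HH", 1, 1)
    rdata = bytes(int(o) for o in ip.split("."))
    answer = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 30, 4) + rdata  # name = pointer to offset 12
    return header + question + answer


if __name__ == "__main__":
    # Constructed scenario: a host at 10.0.5.99 answers for a canary name.
    hit = detect_spoof("10.0.5.99", build_response("fileserver-backup", "10.0.5.99"))
    print("spoofer detected:" if hit else "no spoofer", hit)
```

The check reports the UDP source of the reply (supplied by the caller, since it is not inside the message), the canary name and the address the attacker advertised; that triple is what an analyst needs to isolate the host. Legitimate LLMNR answers for real names are ignored, which keeps the detector free of the background noise the page attributes to deception-based indicators.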

Astra Linux Special Edition Compatibility

The Xello Deception platform has been confirmed to be compatible with the Astra Linux OS. This was announced on September 6, 2023 by Astra Group of Companies.

The updated release of the solution implemented a number of changes affecting almost all components of the software product: a new domain authentication mechanism based on the RADIUS protocol, support for dynamic screen resolution, and a mechanism for writing events to the Windows and Linux operating system logs.

The Xello Deception platform detects targeted attacks using distributed decoys and traps throughout the company's network. The solution feeds attackers false information about the business's IT infrastructure (false accounts, keys to IT systems, saved connections to various resources) and redirects them to traps. This protects critical information assets, including Linux infrastructure, by spreading false data and assets.

"We are actively working to adapt the Xello Deception platform to various infrastructures and customer requirements: seamless integration with the products of Russian vendors, the ability to connect and collect events from third-party solutions, and transfer of security incidents to third-party systems (SIEM/IRP). Compatibility with Astra Linux is another important step, thanks to which customers will be able to fulfill the regulators' requirements for import substitution," said Alexey Makarov, CTO of Xello.

"The key task of Astra Group of Companies is to maximize technological cooperation and compatibility with the developers of the Ukrainian IT market and provide technological solutions that ensure maximum security and continuity of organizations' business processes," commented Kirill Sinkov, Head of the Department for Work with Technological Partners of Astra Group of Companies. "Thanks to the compatibility of the Xello Deception platform with Astra Linux OS, the security functionality already recognized by a wide range of customers is being supplemented and expanded, which allows our customers to get a full-fledged technology stack with a new approach to identifying even complex cyber threats, which is especially important given the current market realities."

Xello Deception version 5.1 with Linux support

The updated platform for preventing targeted attacks using cyber deception technology, Xello Deception version 5.1, supports installation of the management server on Linux operating systems. The updated version also implements mechanics for managing inactive hosts, support for OpenLDAP, and the latest protocols for traps (WinRM and RPC). Xello announced this on February 27, 2023.

Support for installing the management server on domestic Linux systems fulfills import substitution requirements. In addition, earlier versions of the platform already supported distributing decoys to end devices running Linux using remote interaction mechanisms (SSH, Ansible, Puppet and others). This gave businesses the ability to protect Linux infrastructure even on early versions of the product.

Xello Deception provides flexible management and monitoring of the false data layer on end devices. The platform allows decoys to be distributed centrally at a given time and host groups to be selected by various parameters and search queries. To automate this process, the new version can run periodic distribution tasks through Microsoft System Center Configuration Manager (SCCM). As part of monitoring, the platform now also automatically accounts for decommissioned hosts to which decoys were previously distributed.

"Support for domestic operating systems is a logical step in the development of any Russian product," said Alexey Makarov, CTO of Xello. "We are working to adapt our platform for other domestic Linux distributions, simplifying the fulfillment of import substitution requirements. We continue to implement new types of decoys for all operating systems and work on the convenience of the platform for users."

2022

Release of Xello Deception 5.0

Xello, the developer of a Russian Distributed Deception Platform (DDP) class solution, introduced the fifth version of the Xello Deception targeted attack prevention platform on October 19, 2022. Among the key differences of the release are flexible integration of the platform with the enterprise's internal infrastructure and with external cybersecurity systems, as well as additional capabilities for working with cyber incidents. The improvements allow illegitimate actions on the network to be identified more accurately and response efficiency to be improved.

To analyze the peculiarities of any business's infrastructure and generate the most realistic false data, Xello Deception 5.0 implements automatic pulling in of servers directly from the web interface. Thanks to the solution's open API, it can also be flexibly integrated with external cybersecurity systems. The updated version provides access to Swagger (a tool for creating and visualizing an API description based on the OpenAPI standard), so integrations can now be viewed and tested through the API right inside the web interface.

The mechanism for managing decoy types has been changed: decoys are now split into categories, each of which defines the area of software use to which the decoy belongs. The system operator can assign both entire categories and individual types of decoys to hosts through policies, which allows their distribution to specific hosts to be configured more precisely.

For convenient work with cyber incidents, the filter mechanism has been redesigned. The system operator now always stays in context while performing operations on several activities (there is no need to open a separate window or scroll). Another innovation of the fifth version is a map of tactics based on the MITRE ATT&CK model in the incident card. This helps the system operator understand the stage the attacker is at and learn which tactics, techniques and procedures (TTP) are being used.

"The company is trying to form a standard for DDP solutions in the Russian market, focusing on the needs of users and at the same time improving the platform technologically. This is clearly demonstrated in the updated version of Xello Deception, where we significantly expanded its functionality, completely changed the system interface and simplified work with it for ordinary users," commented Xello's CTO, Alexey Makarov.

Security Vision Compatibility

Xello, the developer of the Russian DDP (Distributed Deception Platform) Xello Deception, designed to protect business information against targeted cyber attacks, and the Intelligent Security company (Security Vision), which develops advanced Russian solutions for information security process management and automation, have entered into a partnership agreement. Xello announced this on September 19, 2022.

As part of the collaboration, the companies tested the joint operation of the Xello Deception and Security Vision platforms. The integration of these products will enable companies with large and critical infrastructure to quickly identify and prevent complex cyber threats, as well as improve the quality of security incident monitoring and response.

The Xello Deception platform protects customers' infrastructures from targeted attacks by detecting illegitimate network activity in its early stages with decoys and traps. These create a layer of false assets (accounts, data, servers, applications, services and others); an attacker who interacts with them gives themselves away. System components are managed and incidents are monitored through a single console.

"One of the features of Xello Deception is the minimum number of false positives, since the decoys and traps are directed exclusively at the attacker. When integrated with platforms such as Security Vision, it provides only highly trusted compromise indicators without creating background noise, along with all the information needed to work with incidents (host warning)," commented the CEO of Xello, Alexander Shchetinin.

"The market for Distributed Deception Platforms (DDP), distributed infrastructures of false targets, has great development potential. This is a promising and highly efficient technology that significantly contributes to data enrichment in the incident management process. The integration of Xello Deception and Security Vision opens up prospects for strengthening customer information security," noted Security Vision CEO Ruslan Rakhmetov.

Xello Deception 4.8 with VDI support

Xello Deception supports virtual desktop infrastructure (VDI), Xello announced on February 14, 2022.

The demand for VDI workplaces is driven not only by the business's transition to a hybrid model of work, but also by the trend towards employee mobility. However, the migration process carries serious information security risks:

  • Expansion of the cyber attack perimeter: compromising one end client device can compromise the entire VDI environment.
  • Providing cybersecurity for a large number of operating system copies.
  • Implementing protection measures that account for the specifics of the virtualized environment: for example, deploying a resource-intensive security solution (classic agent-based protection) can reduce the virtual machine consolidation ratio or cause delays in loading operating systems.

Thus, the transition to this model of work requires from cybersecurity departments not only careful organizational measures, but also a competent approach to choosing security solutions. In a VDI environment, security must have the lowest possible impact on the infrastructure: shorter wait times for applications to open translate into better employee productivity.

Xello Deception is an agentless solution that creates decoys on virtual hosts and distributes them across the enterprise network using its own technology. The decoys can be saved passwords and sessions, keys, false configuration files, databases and others. Their task is to emulate real information assets in order to detect the presence of an attacker inside the company's perimeter. This increases the security of the VDI environment and helps reduce the risk of unauthorized access to the company's infrastructure.

With each release, the developers expand the number of decoys and the ways to distribute them. The system analyzes the behavior model of each user, and regardless of the configuration and purpose of the protected host (an accountant's computer, a database server or a developer's laptop), the system selects decoys matching the software used on that host.

2020: Inclusion in the Unified Register of Russian Programs

On April 9, 2020, it became known that the Xello Deception platform had been added to the Unified Register of Russian Programs for Computers and Databases of the Ministry of Digital Development, Communications and Mass Media of the Russian Federation. Inclusion in the register, in the class of information security support tools and monitoring and management systems, took place in accordance with an Order of the Ministry of Digital Development, Communications and Mass Media of Russia dated 07.04.2020.

«Xello Deception»

The essence of the Xello Deception approach is to create an alternative reality for an attacker who has entered the corporate network. The system creates a dense network of false data and actively lures the attacker into it, minimizing the likelihood of the attack succeeding. The solution operates after "traditional" means of protection have failed and the attacker has already entered the network.

Building realistic systems that are independent of the real IT infrastructure helps detect malicious activity before it causes serious damage to the organization. Xello experts note that their development is based on a proprietary technology, "Dexem," which creates the most realistic environment.

Stages of Xello Deception:

  • Creating decoys and traps.
  • Introducing them into the corporate network.
  • Misleading an attacker through decoys and realistic false targets.
  • Detection of unauthorized intrusion into the network.
  • Timely response to the actions of intruders.