Developers: AVSoft (AV Soft)
Date of the premiere of the system: 2020/10/01
Technology: Distributed Deception Platform (DDP), Information Security - Security Information and Event Management (SIEM)
Main article: Security Information and Event Management (SIEM)
LOKI is a system of distributed false targets for detecting cyber attacks. It simulates the organization's IT infrastructure in order to engage an attacker, collect information about the attack and check its artifacts.
2020: Loki Release
On October 1, 2020, AV Soft announced the release of Loki, a system of false distributed targets. The Loki system is based on deception technology and provides information security for corporate and industrial networks of any level of complexity and topology.
The Loki system allows you to create a realistic simulation of the client's infrastructure and, within that infrastructure, interact with any attack from cybercriminals. The masking tools for the virtual services that make up this "fake" infrastructure keep cybercriminals from determining that deception technology is in use, either in the infrastructure itself or in the objects located in it.
Functional features of the system:
- Microsegmentation of the company's IT infrastructure
- Implementation of a trap layer at the endpoint level
- Classification of network activity
- Detailed information on the study
- Integration with a multiscanner and sandbox
- Integration with other systems
One of the elements used to deceive an attacker is a mechanism for generating pseudo-traffic between objects of the "fake infrastructure." An intruder observing the behavior of devices in such a network will therefore record realistic behavior from all deployed equipment.
Industrial and research traps (honeypots) can be deployed within the Loki system. Industrial traps imitate the actual services of the organization, while research traps are designed to collect full information about a cyber attack carried out on the corporate network. Loki traps can use most of the existing network protocols to simulate IT infrastructure hardware:
- servers and workstations;
- IoT equipment (routers, switches, printers, faxes, cameras, etc.);
- APCS (ICS/SCADA);
- medical equipment;
- operating systems and services.
Loki allows you to segment your IT infrastructure, implement traps at the endpoint level, and identify, classify, and analyze all network activity. The Loki system can be integrated with other information security systems:
- with AV Soft solutions, using the modular architecture of all products of the company (sandboxes, antivirus multiscanner, neural network);
- with third-party solutions via API.