
Garda Deception

Product
Developers: Garda Technology, Gardaí
Last Release Date: 2024/04/16
Technology: Distributed Deception Platform (DDP)

Garda Deception is a Distributed Deception Platform (DDP) that creates a fictitious layer of enterprise IT infrastructure objects that are indistinguishable from protected network nodes. Interactive traps distract the attacker's attention, buying time to neutralize a cyber attack. The product is registered in the Register of Russian Software.

2024

Compliance with FSTEC of Russia requirements for the 4th level of trust

The "Garda Deception" software complex (formerly "Garda Labyrinth") passed certification tests and meets the information security requirements of the FSTEC of Russia for the 4th level of trust. The product can be used to protect state information systems and enterprises that do not work with state secrets. Gardaí announced this on April 19, 2024.

Garda Deception (formerly Garda Labyrinth) is a Distributed Deception Platform (DDP) that creates a fictitious layer of enterprise IT infrastructure objects that is indistinguishable from protected network nodes. Interactive traps distract the attention of attackers, allowing cyber attacks to be neutralized quickly. The product is registered in the Register of Russian Software (No. 10040).

"The success of tests at FSTEC, among other things, depends on the compatibility of the product with one of the certified Russian operating systems," said Dmitry Filippov, head of the certification and licensing department of the Garda group of companies. "In terms of simulating the IT infrastructure, this requirement primarily applies to the server part on which the platform is deployed. So, 'Garda Deception' is compatible with the Astra Linux Special Edition operating system."

The Garda Deception system has already shown its effectiveness for customers from various business sectors. It is able to detect malicious activity that is invisible to other security tools, and to protect against zero-day attacks and high-complexity attacks in near real time. The platform allows information security staff to comply with the 1-10-60 rule: detect a threat within the first minute, understand it within 10 minutes, and respond to it within 60 minutes.

Integration with Garda Threat Intelligence

The Garda Group of Companies has updated Garda Deception, its platform for creating a false layer of enterprise network infrastructure. The improved version of the product optimizes the use of the computing and information resources of the customer's information security systems. It integrates with the Garda Threat Intelligence cyber threat data enrichment service, increases the speed of detection and response to attacks, strengthens protection against zero-day vulnerabilities and minimizes damage from attackers. Gardaí announced this on April 16, 2024.

The integration of the updated Garda Deception 1.9.0 platform with the Garda Threat Intelligence (TI) service makes it possible to detect attacks quickly and to assess their degree of danger more accurately. This is done by accessing constantly updated information about the tactics and techniques of attackers.

"When detecting suspicious files or activity, Garda Deception queries the database of indicators of compromise with the hash of a potentially malicious file. In response, the platform receives information on whether the object belongs to a specific malware and assesses the degree of danger. This data allows you to form and transfer an enriched event to the decision-making center or SIEM/IRP system as an incident, and then decide on a response," said Alexey Semenychev, head of the information security threat analytics department of the Garda group of companies. "The system helps automate the incident response process."

Using "Garda Deception" together with "Garda Threat Intelligence" reduces the time needed to recognize targeted attacks and to choose an effective method of countering them. When a "Garda Deception" trap is triggered, the TI service indicates signs of a targeted attack, which makes assessing the level of danger and prioritizing response tasks more effective. As a result, attack sources are blocked faster and the possible damage from attacks is reduced.

This version of Garda Deception reduces false positives and the burden on analysis and response systems.