Developers: | Garda Technology, Gardaí |
Last Release Date: | 2024/08/26 |
Technology: | Distributed Deception Platform (DDP) |
"Garda Deception" - the Distributed Deception Platform (DDP) creates a fictitious layer of enterprise IT infrastructure objects that are indistinguishable from protected network nodes. Interactive traps distract the attacker's attention, allowing you to buy time to neutralize a cyber attack. The product is registered in the Register of Russian Software.
2024
"Garda Deception 1.10.0" with Apache Kafka message broker
The developers integrated Garda Deception 1.10.0 with the Apache Kafka message broker. The system now detects suspicious authorization attempts in the domain and automatically creates an information security incident, notifying the responsible persons. The updates help improve responsiveness to threats. The developer announced this on August 26, 2024.
The updated version, "Garda Deception 1.10.0", detects suspicious authorization attempts at user workstations, creates an information security (IS) incident, sends it to the SIEM in real time, and additionally notifies responsible employees by e-mail and Telegram.
The functionality is implemented by distributing decoys containing fake authorization data across the domain. The domain controller logs all login attempts, the Kafka broker delivers the logs, and Garda Deception compares the authorization data in them with the fake credentials. As a result, the system identifies the attacker even before he interacts with a trap.
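The matching step described above can be sketched as follows. This is an added example, not Garda Deception code: the event field names, decoy logins and addresses are constructed, and the function takes log lines as a Kafka consumer would deliver them rather than calling a Kafka client.

```python
import json
from datetime import datetime, timedelta

# Assumption: decoy logins planted on workstations (constructed names).
DECOY_ACCOUNTS = {"svc_backup_adm", "it.helpdesk2"}

# Constructed sample of domain controller logon events, one JSON object per line.
SAMPLE_EVENTS = r"""
{"ts":"2024-08-26T10:00:01","user":"CORP\\j.smith","src":"10.0.5.21","result":"success"}
{"ts":"2024-08-26T10:02:10","user":"CORP\\SVC_Backup_Adm","src":"10.0.5.77","result":"failure"}
{"ts":"2024-08-26T10:02:40","user":"svc_backup_adm@corp.example","src":"10.0.5.77","result":"failure"}
not json
{"ts":"2024-08-26T10:03:00","user":"it.helpdesk2","src":"10.0.5.77","result":"failure"}
{"ts":"2024-08-26T10:30:00","user":"CORP\\svc_backup_adm","src":"10.0.5.77","result":"success"}
"""

def normalize(user):
    """Reduce DOMAIN\\user and user@domain forms to a lowercase bare login."""
    user = user.strip().lower()
    if "\\" in user:
        user = user.rsplit("\\", 1)[1]
    return user.split("@", 1)[0]

def detect(lines, decoys=DECOY_ACCOUNTS, window=timedelta(minutes=10)):
    """Return one incident per (decoy, source) burst of logon attempts."""
    incidents, last_seen = [], {}
    for line in lines:
        try:
            ev = json.loads(line)
            ts = datetime.fromisoformat(ev["ts"])
            account, src = normalize(ev["user"]), ev["src"]
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # malformed record: skip it instead of stopping the consumer
        if account not in decoys:
            continue  # real account, not a planted credential
        prev = last_seen.get((account, src))
        last_seen[(account, src)] = ts
        if prev is not None and ts - prev < window:
            continue  # repeat attempt inside the window: incident already raised
        # No legitimate user knows a decoy login, so success or failure both count.
        incidents.append({"time": ev["ts"], "decoy": account, "source": src,
                          "result": ev.get("result", "unknown")})
    return incidents

if __name__ == "__main__":
    for incident in detect(SAMPLE_EVENTS.strip().splitlines()):
        print(json.dumps(incident))
```

Normalizing the login before comparison matters because the same decoy can appear in the logs in `DOMAIN\user`, UPN or mixed-case form.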
Among other things, the updated version of the system has expanded the ability to create and configure bait distribution policies. They can now be tied to specific supervisors and to specific machines on each supervisor, making bait management more flexible. "Garda Deception 1.10.0" also allows you to create custom format templates for dummy accounts, which makes the generation of fake logins and passwords in bait more transparent.
The developers of Garda Deception 1.10.0 have enriched the user experience: the system allows you to emulate network devices and create traps of the types "network router" and "switch."
This version of the product supports the distribution of decoys on all existing operating systems: Windows, Linux, macOS.
"Garda Deception 1.10.0" helps to comply with internal information security rules: the release provides for a restriction on the duration of a user session from 4 to 12 hours. After the scheduled session time has expired, the system requests re-authorization.
Astra Linux Special Edition Compatibility
The Garda Group of Companies has confirmed that Garda Deception, its system for creating a false layer of enterprise network infrastructure, complies with the requirements of the Ready for Astra technological partnership program. The company announced this on July 1, 2024.
The certificate of compatibility between Garda Deception and the Astra Linux OS guarantees correct, uninterrupted operation of the solution and the absence of restrictions when it is used in conjunction with the operating system.
"Garda Deception" creates a false layer of the enterprise's network infrastructure, allowing you to misinform attackers and detect malicious activity in real time. The system protects against targeted attacks and zero-day attacks.
"Our partners aimed to create an ecosystem of well-functioning IT products for each other to effectively solve customer problems," said Ekaterina Kharitonova, head of Garda Deception. "Testing and certification under the Ready for Astra program is one of the ways to make it easier for Russian companies to choose systems and hardware systems that are proven to integrate with each other and help in achieving import substitution goals."
"As part of the development of our information security strategy, we closely monitor the products of partners who can qualitatively supplement and strengthen the ecosystem of our own solutions. We are confident that key customers will appreciate the convenience of sharing the products of Astra Group and Garda Group of Companies," said Kirill Sinkov, Director of the Department for Work with Technological Partners of Astra Group.
Compliance with the requirements of FSTEC of Russia for the 4th level of trust
The software complex "Garda Deception" (formerly "Garda Labyrinth") passed certification tests and meets the information security requirements of the FSTEC of Russia for the 4th level of trust. The product can be used to protect state information systems and enterprises that do not work with state secrets. Garda announced this on April 19, 2024.
Garda Deception (formerly Garda Labyrinth) is a Distributed Deception Platform (DDP) that creates a fictitious layer of enterprise IT infrastructure objects that are indistinguishable from protected network nodes. Interactive traps distract the attention of attackers, allowing you to quickly neutralize cyber attacks. The product is registered in the Register of Russian Software (No. 10040).
"The success of tests at FSTEC, among other things, depends on the compatibility of the product with one of the certified Russian operating systems," said Dmitry Filippov, head of the certification and licensing department of the Garda group of companies. "In terms of simulating the IT infrastructure, this requirement primarily applies to the server part on which the platform is deployed. So, 'Garda Deception' is compatible with the Astra Linux Special Edition operating system."
The Garda Deception system has already shown its effectiveness for customers from various business sectors. It is able to detect malicious activity that is invisible to other security tools, and to protect against zero-day attacks and high-complexity attacks in near real time. The platform allows information security employees to comply with the 1-10-60 rule, which involves detecting a threat within the first minute, understanding it within 10 minutes, and responding to it within 60 minutes.
Integration with Garda Threat Intelligence
The Garda Group of Companies has updated Garda Deception, its platform for creating a false layer of enterprise network infrastructure. The improved version of the product allows you to optimize the use of the computing and information resources of the customer's information security systems. It integrates with the Garda Threat Intelligence cyber threat data enrichment service, increases the speed of attack detection and response, strengthens protection against zero-day vulnerabilities and minimizes damage from attackers. Garda announced this on April 16, 2024.
The integration of the updated Garda Deception 1.9.0 platform with the Garda Threat Intelligence (TI) service allows you to detect attacks quickly and assess their degree of danger more accurately. The option is implemented by accessing constantly updated information about the tactics and techniques of attackers.
"When detecting suspicious files or activity, Garda Deception refers to the database of compromise indicators with a request for a hash of a potential malicious file. In response, the platform receives information about the belonging of the object to a specific malware and assesses the degree of danger. This data allows you to form and transfer an enriched event to the decision-making center or SIEM/IRP system as an incident, and then decide on a response," said Alexey Semenychev, head of the information security threat analytics department of the Garda group of companies. "The system helps automate the incident response process."
The combined use of "Garda Deception" and "Garda Threat Intelligence" reduces the time needed to recognize targeted attacks and choose an effective method of countering them. When a "Garda Deception" trap is triggered, the TI service indicates signs of a targeted attack, which increases the effectiveness of assessing the level of danger and prioritizing response tasks. As a result, attack sources are blocked faster and the possible damage from attacks is reduced.
This version of Garda Deception reduces false positives and the burden on analysis and response systems.