Angler


A deception device - real OS on real hardware that is setup as a decoy to lure in cyber-attackers. Its configured profiles are designed to mimic the types of targets the attackers are interested in. Since almost any access to this system should, by definition, be suspicious, it detects breaches reliably with precision and speed while keeping the number of false positive IOC alerts near zero.

It's easy

The device detects and captures new attacks and methods that are employed during attacker's lateral move. It advertises and exposes a configurable set of services that the attacker will inevitably explore. Additionally, the device monitors itself for compromise and port scan indication. When any IOC event is detected, it will be reported via email and/or syslog to the administrator. When enabled, the device can initiate an active response to the attacker's machine - ARP MITM.

The built in display will report the alert count and a blinking light will be active until the alerts are cleared.

Secure managed service

If you require advanced analytics, fast SMS notifications or to remotely monitor your Angler devices, you need to subscribe to our secure managed service plan. If you do so at the device purchase time, then the device will be shipped to you preconfigured - just plug it into your network and forget about it. We will notify you whenever an IOC is detected or your device becomes unavailable due to connectivity issues.

Features

Sensors

Port scan detection, file share, ftp, ssh and a large number of low interaction services

API for lure development and third party integration

Notifications

Built in email, syslog (SIEM integration), alert indicator and OLED display notification capability.

SMS - via secured managed service.

Configuration

Built in web administration console, enabled for remote management via our secure managed service.

Quick setup and forget.

Hardware

Embedded linux, quad-code 64bit 1GHz+ ARM, 1Gbps Ethernet, low consumption, OLED display

FAQ