HADES: High-Fidelity Adaptive Deception & Emulation System
Technology Summary
The rise in sophisticated cyberattacks has prompted businesses and organizations to seek out robust security measures that can detect and respond to an adversary’s attacks in real time. Many are using deceptive tools and tactics; however, current deception tools provide only partial solutions to full-spectrum deception. Sandia’s High-Fidelity Adaptive Deception & Emulation System (HADES) is a comprehensive cybersecurity platform that utilizes revolutionary advances in deception technologies, allowing network defenders to defend against the adversary and collect information on them in real time.
Description
The HADES platform is a deception environment that utilizes Software Defined Networks (SDN), cloud computing, dynamic deception, and agentless Virtual Machine Introspection (VMI). These elements fuse to not only create complex, high-fidelity deception networks, but also provide mechanisms to directly interact with the adversary—something current deception products do not facilitate. At the onset of an attack, adversaries are migrated into an emulated deception environment, where they are able to carry out their attacks without any indication that they have been detected or are being observed. HADES then allows the defender to react to adversarial attacks in a methodical and proactive manner by modifying the environment, host attributes, files, and the network itself in real time.

Through a rich set of data and analytics, cybersecurity practitioners gain valuable information about the tools and techniques used by their adversaries, which can then be fed back to the network defender as threat intelligence. The HADES platform is the only comprehensive solution to deceive, interact with, and analyze adversaries in real time. The unique insight gathered while using HADES can be used to implement stronger network defenses and prevent future attacks.
- Creates high-fidelity deception environments based on real system attributes
- Provides granular insight into attacker’s tools and tactics (malware, behavior, workflow)
- Allows interaction with adversaries through host, network, and file modification
- Provides varying operating and deployment modes to facilitate various network models