Fidelis Blog

Doron Kolton
CTO, Sr. Product Manager - Deception

Doron held executive and management roles in cyber security and software development for over 25 years. He serves now as the CTO for the Deception in Fidelis Cybersecurity. Doron founded TopSpin Security... Read More


How to Use MITRE ATT&CK® for Deception Missions

The MITRE ATT&CK Framework® was developed with a single purpose in mind: to better detect post-compromised cyber adversary behavior. 

Detection assumes that attackers have already infected assets inside the organization, and they have been “caught” (or found out). The goal of a Deception solution is to detect adversaries BEFORE the damage is caused to an organization. With a Deception tool, we can analyze the techniques used in real attacks, which then provides security teams important insights into the activities of their adversaries.  

The below image demonstrates how Fidelis Deception maps and correlates with the MITRE ATT&CK framework. It shows how Deception covers the kill chain by discovering specific techniques out of the matrix. Note that the goal is not to explain the ATT&CK Framework itself – rather how Fidelis deception covers and matches the framework’s techniques. 

How Does Fidelis Deception Work?  

The Fidelis Deception Module (FDM) allows organizations to quickly and accurately detect breaches, engage attackers and neutralize advanced cyber threats. Offering a unique combination of adaptive intelligent deception, terrain analysis and security visibility. FDM advanced technology cuts time-to-resolution from weeks and months to hours and minutes.  

Fidelis Deception Module empowers IT security professionals to go on the offensive against sophisticated network threats. The advanced platform learns complex network topographies and resources by sniffing and analyzing internal and egress traffic. It leverages its deep network insights to intelligently build and distribute the deception layer consisting of emulated and Real OS decoys, applications, breadcrumbs and Active Directory to lure attackers and expose their activity. 

Fidelis Deception Module enhances organizational threat intelligence and security visibility. With powerful asset-profiling and classification capabilities that map every asset and subnet in the network, FDM offers defenders a clear view of potential threats and builds comprehensive deception and detection layers for each individual network. Seamlessly integrating with third-party security tools, FDM enriches SIEM/SOC systems. FDM actively adapts to dynamic network conditions by constantly monitoring network traffic, including new assets and IoT devices. This means that the deception layer is always optimized. Moreover, control over all communication channels allows Fidelis Deception Module to expose risky applications and networking servers in use. 

The result is a Deception platform that is accurate, triggering actionable incidents with no false positives.