The ACD platform warns entities – individuals, companies, governments – about inbound external cyberattacks and responds automatically.
ACD establishes highly vulnerable servers on the client’s network to attract attacks away from critical information locations. Human cyber defenders and the ACD platform are alerted when an active attack is taking place on the client network. The system then responds automatically, and the analysts can review the event to understand what happened, the nature of the attack and its source.
Honeypot servers can be set up across different countries, attack vectors and specific vulnerabilities. The information from attacks across this broad range of honeypots will greatly increase the accuracy of attribution of attacks.
The honeypot/vulnerable servers are set up so that an attacker must take active steps to breach them: for example, attempting to log in to the server with a default password, scanning the server for specific vulnerabilities, or attempting to upload malicious code. A range of tripwire levels can be set within the vulnerable/honeypot server. At a level predetermined by the client or cyber team, the ACD platform is notified and actively defends against the specifically attacked vectors.
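The tripwire threshold described above can be sketched as follows. This is an added example, not the ACD platform's own code: the numeric levels, the event names and the `evaluate_tripwires` function are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Assumed mapping of honeypot activity to tripwire levels (hypothetical values;
# the text names these activities but does not assign them levels).
TRIPWIRE_LEVELS = {
    "vuln_scan": 1,
    "default_password_login": 2,
    "malicious_upload": 3,
}

# Constructed sample events: (timestamp, source address, event type, vector).
SAMPLE_EVENTS = [
    ("2024-01-01T10:00:00Z", "198.51.100.7", "vuln_scan", "http"),
    ("2024-01-01T10:00:05Z", "203.0.113.9", "vuln_scan", "ssh"),
    ("2024-01-01T10:01:00Z", "198.51.100.7", "default_password_login", "ssh"),
    ("2024-01-01T10:02:00Z", "198.51.100.7", "malicious_upload", "http"),
    ("2024-01-01T10:03:00Z", "203.0.113.9", "port_knock", "ssh"),  # unmapped type
]


def evaluate_tripwires(events, notify_level):
    """Return one alert per source, raised the first time that source's
    highest tripwire level reaches the predetermined notify_level."""
    highest = defaultdict(int)   # highest level tripped so far, per source
    vectors = defaultdict(set)   # vectors touched so far, per source
    alerted = set()
    alerts = []
    for ts, src, etype, vector in events:
        level = TRIPWIRE_LEVELS.get(etype)
        if level is None:
            continue  # activity with no assigned level never trips a wire
        highest[src] = max(highest[src], level)
        vectors[src].add(vector)
        if highest[src] >= notify_level and src not in alerted:
            alerted.add(src)
            alerts.append({
                "time": ts,
                "source": src,
                "level": highest[src],
                "vectors": sorted(vectors[src]),  # what the defence should cover
            })
    return alerts


if __name__ == "__main__":
    for alert in evaluate_tripwires(SAMPLE_EVENTS, notify_level=2):
        print(alert)
```
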
The active nature of the breach means that a counter-attack, either through automatic response or through human intervention including law enforcement, can then take place.