DeceptionGrid 7.2 - Release Notes
TrapX introduced significant architectural improvements to security, performance, and stability in the new DeceptionGrid v.7.2.
The release contains many changes (see the attached release notes). The most important are:
DeceptionGrid in Kubernetes
TrapX now provides DeceptionGrid Appliances as Kubernetes pods for deployment in a Kubernetes environment. This makes it possible to quickly raise multiple Appliances as needed, increases stealth in an organization's containerized server environment, and helps trap attackers' lateral movement between pods, such as movement from rogue pods.
Enhanced detection and alerting
Emulation traps now detect and record specific, detailed event information for the following attack types:
- ARP Scans
- SolarWinds Sunburst backdoor
- Kaseya supply chain attack
- PrintNightmare exploit
- WinRM emulated service and deception token: Windows emulations (Station and Server) now include a WinRM emulated service which, upon connection, records the attacker's name. For an enriched event alert, the service can be proxied to a Full OS trap. A deception token registers the trap in the endpoint's TrustedHosts.
- Cached Credentials tools: The downloaded token distribution archive now includes the following tools, preconfigured with the credentials defined in Cached Credentials tokens:
  - A tool for configuring the credentials in the organizational Active Directory
  - Configuration for organizational SIEM alerting