This article was first posted to FCW, a sibling site to GCN.

HADES can fill in details in the here and now, such as what tools are being used, what time the attack infiltrated the network, where it got in and other details that can be hard to pin down afterwards.

First deployed in 2017, HADES has grown to develop better and better data analytic capabilities, Urias said. The system offers the ability to develop unique streams of threat intelligence by observing actual attackers and developing responses in real time.

Current cybersecurity practices, such as post-attack forensics and assuming compromise "are not the entire story" for federal and industry IT security managers, he said. That shift is particularly important as threat information is being commoditized by security companies that crunch their own threat intelligence, he said. HADES is ultimately aimed at "changing the conversation with the adversary," Urias told FCW, GCN's sibling site.

HADES maps and time-stamps relationships among all relevant parts of an IT ecosystem and generates a rich set of analytics so analysts can sift through the data to learn about the tools and techniques used by adversaries, then funnel that intelligence to network defenders.
The lab has been working with Splunk's Enterprise software to widen and deepen the program's ecosystem, said Vincent Urias, distinguished member of the technical staff at Sandia. The project won a 2018 Government Innovation Award.

Because Sandia develops, engineers and tests non-nuclear parts of nuclear weapons, its IT infrastructure is a magnet for cyber bad actors. The system ultimately allows Sandia analysts to deceive, interact with and analyze adversaries in real time. The High-Fidelity Adaptive Deception and Emulation System (HADES) attracts potential cyber attackers with a supercharged honeypot that features an entire virtual environment and tricks them into sticking around by automating responses at machine speed.

The High-Fidelity Adaptive Deception and Emulation System uses cutting-edge deception environments where operators can run sting operations on those trying to break into Sandia National Laboratories' systems.
The simulated virtual environment lets network defenders deceive, interact with and analyze adversaries in real time.
Beyond honeypots: HADES tricks hackers into giving up their secrets