CounterCraft is a Spanish cybersecurity company that uses an emerging strategy called “deception” to limit damage caused when hackers penetrate a company’s network.
The Spanish startup works with its customers to set traps of various kinds within the network that attackers will hopefully stumble across before they find their real targets. In some cases, these traps allow the company to gather information and possibly identify the attackers. In other cases, the so-called “honey pots” contain misinformation that can seem genuine.
“It’s important that each scenario be credible and attractive for the attackers,” says CounterCraft co-founder and CEO David Barrosso.
The company also has developed phony apps that companies can plant on their employees’ phones to trap thieves or hackers.
The employees are told to never launch the apps. But if someone else breaks in and launches or tries to access the apps, they can do various things like activate the camera to take a picture of the thief, send out a GPS coordinate, or switch on the microphone to record dialogue. At the very least, the company knows a phone has been compromised and move quickly to prevent the attacker from using it to access internal networks.
The concept represents a broader shift in the way companies are thinking about security. The exploding use of mobile gadgets has created too many entry points to realistically prevent attacks. So companies now assume that the bad guys will get in, and instead are focusing on how to trick them in order to minimize losses.
“We felt that companies needed to do more,” says Barrosso. “Security has been seen as something passive. You build walls, you build defense layers. So we started doing research on active measures. They idea is you have to be one step ahead of any threats.”
The concept for CounterCraft was formed as the three co-founders began to study the tactics of counterintelligence agencies. The goal of such agencies is often to manipulate attackers or disorient them in some fashion. This can include doing things like giving them access to false information, or sending them down wrong paths to frustrate them.
Located in San Sebastian, the company has raised $2.6 million from investors that include Adara Ventures, Orza Investments and Telefónica Open Future.