Huanzhen
Advanced Threat Hunting and Attack Tracing System

The asset service perception ability is integrated into the deception defense to realize the adaption to the surrounding business environment. According to the statistics and mapping of data information from multiple dimensions, the security algorithm is orchestrated to highly fit the deception service to the real business environment so that attackers will fall into the deception honeynet without realizing it. At the same time, through automatic orchestration and one-click deployment, honey network can achieve unpredictable effect, greatly reducing the cost of manual operation, achieving rapid, automatic intelligent deployment.

Huanzhen splits the sandbox and service. The service IP, port can be regarded as the basis resources of sandbox, and you can choose one or more services for free combination. Sandbox had the infinite possibility of permutation and combination, which allows users to build freely and avoid the attacker tag behavior for the sandbox, and problems like fewer scenarios caused by restriction of the sandbox types.

Addition and deletion of Sandbox are completely removed from Huanzhen. Users can regard the sandbox as a plug-in and update the sandbox conveniently and quickly; Users can flexibly customize sandbox service images, sandbox content, type, and even detection logic, which greatly improves the operability of the sandbox while reducing the sandbox production cost. The intelligent honeynet can produce the honeypot quickly according to the latest vulnerabilities, generate the sandbox automatically and the one-click association service. And those honeypots can be pushed to each coverage point of the organizations for emergency detection and response with low cost.

Based on the device fingerprint and social ID technology, it identifies the attacker's device, attacker's methods, social ID and so on to help the organizations trace the source of the attacker and establish the deterrence of the defense system. The attack countermeasure technology in Huanzhen establishes a portrait of the attacker through a variety of reverse control means to achieve the highest level of traceability. The countermeasure supports Windows, MacOS, and Android, with more comprehensive coverage and covert camouflage, which is used to build active defense.

Huanzhen is transferred to deception and defense base. Hundreds of highly interactive sandbox in cloud market are those that attackers are interested in according to accumulation in offense and defense drills that MoreSec precipitated in. Users can enter the cloud market in Huanzhen product page, adding sandbox with one-click, building scenario, and extend deceive sandbox types to hundreds.

Through the maintenance of sandbox services and scenarios on the cloud, MoreSec deploys relay nodes and camouflaging agents in the organizations off the cloud to transfer attack traffic to the cloud and avoid escape risks effectively. At the same time, we will provide richer cloud deception scenarios and timely response and update service.

Through Huanzhen centralized management platform, intelligence center it can link with products and components like Renjia, Jianmu, Huanzhen - relay nodes, Huanzhen - camouflage agent, covering deployment scenario for Internet side and intranet side, realize the perception of deception and automated response in the whole organizations scenes. Once hackers are perceived, the organizations defense system will respond immediately, and form the organizations deception defense panorama covering all scenarios.