CyberChaff 2018-02-21T13:09:20-08:00

In the armed forces, chaff is a cloud of material spread behind a target, designed to confuse either detection or attack. CyberChaff uses the same concept to thwart and detect cyber-attacks.

The average data breach goes undetected by information owners for 229 days, and 67% of the time, information owners find out about the breach only when informed by an outside source.

CyberChaff solves this problem by interfering with an early and critical phase of an attack: “the pivot.”

“The pivot” is the point at which an external adversary or insider threat transitions from their original beachhead on a network to another host – one that is better positioned on the network, has improved privileges, or is running a critical service.


Your networks without CyberChaff™


CyberChaff interferes with this step by introducing hundreds (or thousands) of false, lightweight nodes on the network. Upon initial scan by the attacker, these nodes are indistinguishable from real hosts.

When an adversary scans the network or reaches out to a new host, they run a high risk of contacting a CyberChaff node rather than a real one. This not only slows down their attack, but also triggers an alert of the attack in progress.


With CyberChaff™

When scanning a network, an adversary uses a tool like Nmap to answer two questions about the target host: 1) what operating system is this host running, and 2) what services are running on it? The attacker uses the first answer to tune their attack to the operating system running on the host. The second answer provides both an inventory of possible applications to attack and a hint about what data might be stored on the computer.

CyberChaff provides emulation services at both levels: it can pretend to be any operating system, and it can pretend to run any service the administrator wishes.

Each CyberChaff node is implemented as a lightweight virtual machine using the Haskell Lightweight Virtual Machine (HaLVM). It has an extremely low attack surface with no current known exploits.

CyberChaff is deployed as customer premises equipment on Formaltech-provided appliances, or as a virtual appliance. Because the solution is lightweight, it can be deployed in many locations throughout the network in order to match the network segments – subnets and VLANs – that exist in the network.

Formaltech’s novel architecture for CyberChaff addresses weaknesses in current cyber security technologies by:

  • Hiding real hosts and devices in a network – making them more difficult to attack
  • Providing a giant false attack surface, without requiring organizations to maintain vulnerable systems (such as honeypots) on a network
  • Deploying an array of sensors with very limited false positives since no legitimate traffic should be received by CyberChaff
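The last point is what makes decoy contact cheap to alert on: any flow whose destination is a decoy address is suspect by construction. The following is an added example, not Formaltech's code, showing that detection logic over flow records. The decoy inventory, the flow-record format, the sweep threshold and all addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed decoy inventory (assumption): addresses assigned to decoy nodes.
DECOYS = {ipaddress.ip_address(a)
          for a in ("10.0.5.17", "10.0.5.44", "10.0.5.90", "10.0.5.131")}

# Constructed flow records in an assumed format: "timestamp src dst dport".
SAMPLE_FLOWS = """\
2018-02-21T13:00:01 10.0.5.23 10.0.5.10 445
2018-02-21T13:00:02 10.0.5.23 10.0.5.17 445
2018-02-21T13:00:02 10.0.5.23 10.0.5.44 445
2018-02-21T13:00:03 10.0.5.23 10.0.5.90 445
2018-02-21T13:02:10 10.0.5.61 10.0.5.10 443
2018-02-21T13:05:40 10.0.5.78 10.0.5.131 22
2018-02-21T13:05:55 10.0.5.78 10.0.5.12 22
truncated-record
"""

def parse_flows(text):
    """Yield (ts, src, dst, dport); skip records that do not parse."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield (parts[0], ipaddress.ip_address(parts[1]),
                   ipaddress.ip_address(parts[2]), int(parts[3]))
        except ValueError:
            continue

def decoy_alerts(flows, decoys, sweep_threshold=3):
    """One alert per source that contacted a decoy, with hosts to scope."""
    touched, real, first_seen = defaultdict(set), defaultdict(set), {}
    for ts, src, dst, _dport in flows:
        if src in decoys:          # replies sent by the decoys themselves
            continue
        if dst in decoys:
            touched[src].add(dst)
            first_seen.setdefault(src, ts)
        else:
            real[src].add(dst)     # real hosts the same source also reached
    return [{"source": str(src),
             "first_seen": first_seen[src],
             "decoys_touched": len(hits),
             "kind": "sweep" if len(hits) >= sweep_threshold else "single-contact",
             "review_hosts": sorted(str(h) for h in real[src])}
            for src, hits in sorted(touched.items(), key=lambda kv: str(kv[0]))]

ALERTS = decoy_alerts(parse_flows(SAMPLE_FLOWS), DECOYS)
```

The `review_hosts` field lists the real hosts the flagged source also reached, which is where incident response would start scoping a possible pivot.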

CyberChaff uses industry standard protocols for management, reporting and alerting, and can be integrated into your network management, IDS/IPS and SIEM solutions.

CyberChaff is designed to quickly and easily integrate into any IP-based network, protecting information systems of enterprises, governments, and universities. Click here to learn more about CyberChaff for enterprise.

CyberChaff’s lightweight resource utilization provides an ideal complement to today’s advanced cybersecurity systems including IDS, SIEM, and Threat Analytics, and is available for OEM integration. Click here to learn more about how CyberChaff can enhance the effectiveness of your OEM cybersecurity platform.

Resellers, Managed Service Providers and Integrators can use CyberChaff to provide additional levels of security for their customers while positioning themselves as advanced technology leaders. Click here to learn more about how CyberChaff can enable incremental sales and technical service opportunities.