Home/CyberChaff/CyberChaff – For OEMs
CyberChaff – For OEMs 2018-02-21T13:10:09-08:00

In the armed forces, chaff is a cloud of material spread behind a target, designed to confuse either detection or attack. CyberChaff uses the same concept to thwart and detect address cyber-attacks.

CyberChaff provides a new level of network protection and actionable intelligence for enterprises, governments and universities looking to deploy network intrusion detection and network protection, supplementing existing IDS, SIEM, and Threat Analytics systems. Because no valid network users should connect to a CyberChaff false host, connection events provide high value information for existing cybersecurity systems, and are high indicators of compromise – detecting attackers even when no IDS signature exists.


Your networks without CyberChaff™

Download the Whitepaper today!

OEMs looking to add cyberdeception into your product line – expanding the breadth of protection you can offer, while gaining a competitive advantage over alternative solutions – can easily adapt and integrate CyberChaff into a suite of product offerings. Designed with a modular architecture, CyberChaff does not require OEMs to consume and entirely new cybersecurity eco-system. Instead, CyberChaff’s core technology is designed to be driven by external management systems, and provides alerts using industry standard syslog – reducing integration and deployment time.


With CyberChaff™

CyberChaff provides extensive deception capabilities that are easily configurable, providing for high fidelity deception that can be customized to match your customer’s networks including:

  • Simulation of over 3,500 different devices and operating systems
  • Lightweight simulation of a wide array of services
  • Customizable MAC vendor prefixes
  • Service forwarding on any TCP/UDP port, to high-interaction honeypots

CyberChaff provides extensive integration capabilities making network and product integration easy. Key integration capabilities include:

  • Supports static IP and DHCP for false nodes
  • Supports VLAN separation of management console from false nodes
  • Supports multiple VLANs for false nodes from a single instance of CyberChaff
  • Provides JSON over SSH protocol for remote management by administrators or 3rd party network management software
  • Generates alerts in syslog format, including raw, CEF, and JSON format
  • Requires modest resources compared to traditional cybersecurity products and honeypots; each false node can run in 64 MB RAM

CyberChaff is available integrated in hardware appliances or in virtual editions (subject to minimum system requirements).