Comprehensive system for early detection and analysis of cybersecurity incidents in IT/OT environments (ARAKIS Enterprise)

The ARAKIS system is derived from honeypot mechanisms, the goal of which is to lure an intruder into a controlled trap and at the same time draw away from strategic elements of an enterprise's IT/OT infrastructure.

Challenge

ARAKIS Enterprise is a comprehensive system for early detection and analysis of cybersecurity incidents in IT/OT environments. ARAKIS describes hitherto unknown patterns of network attacks, provides comprehensive threat intelligence, including detailed information on all activities performed during an attack, and has an extensive reporting and interactive data presentation system.

Projekty_Arakis_ikona
Project leader
Renata Urbańska

What we did

ARAKIS Enterprise integrates a number of mechanisms and technologies, the primary of which is a network of service-traps (honeypot) and sensors deployed in selected segments of the IT (REF LAN) or OT (REF OT) network, emulating diverse network services. The trap’s task is to lure the attacker and record their actions for anomaly detection and analysis. A unique feature of the system is the ability to automatically manage a large collection of probes-traps deployed in remote locations.

With the collected information about potential attackers and their methods of breaking through security, ARAKIS Enterprise strengthens the protection of the organization’s production services, extends the security system and supports the work of ICT security teams operating within the SOC.

ARAKIS means:

  • Modern architecture: “thin sensors” and “honeypots”
  • The latest low-interaction honeypot technology adapted to industrial networks
  • New algorithms for analyzing and clustering network traffic
  • Malware collection
  • Analysis of production traffic from a web server
  • Innovative way to visualize data