What problems does Frenetik help solve?

  1. Passive nature of traditional deception honeypots.
    • Current deception techniques are passive. We HOPE AND PRAY the adversary will engage. We might drop some breadcrumbs to entice them. While this can absolutely be effective, I would like for us to raise our chances of adversary interaction and subsequent defender tip-off by forcing your real, in-use credentials and resources into the mix: the resources you actually use (and then abandon, so that they become honeypots) are the very ones the adversary will need to use, which turns them into a living, actually-used deception.
  2. Internet facing all the time.
    • The identity and resources attack surface is internet facing and too easily discoverable. No longer must an adversary get an on-premises foothold to start interrogating your identities and assets – they are now internet facing and always on. Why is this a problem? The adversary has an avenue to effectively bang on the front door incessantly.
  3. Predictability and Identity Reconnaissance.
    • Our usernames, hostnames, resources, etc. are human creations. As such, we go with standardized e-mail addresses that double as authentication handles, or usernames, hostnames and IPs that follow simple patterns or structures – AND NEVER CHANGE. Why is this a problem? The adversary does not have to work hard on target development, and once a target is discovered, does not have to keep working on it.
  4. Single Sign-On Nightmare.
    • If an adversary compromises your identity credentials, Single Sign-On typically means they can be you across many disparate systems. While convenient when it works correctly and securely, the fallout from the massive access this gives an adversary once compromised is immense.
  5. Modern (SASE) remote access reconnaissance.
    • SASE, thanks to its NAT and port-forwarding design (as opposed to traditional TLS/IPsec VPN concentrators), limits the traditional scanning of subnets and associated reconnaissance once connected to the VPN. Even so, the adversary will now have a foothold on an endpoint that has the SASE connector installed (Zscaler ZPA, Entra PA, etc.). Normally that endpoint receives, via configuration pushed down from the SASE, the list of resources it can connect to over the SASE tunnel. With Frenetik, only a *.domain.com wildcard is sent, and the only way to connect to a resource is by KNOWING THE NAME, which is never revealed outside of out-of-band means!
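The tip-off idea in item 1 (a credential or hostname you really used, then rotated out, becomes a tripwire) and the rotation idea in item 3 can be illustrated with a small detection routine. The code below is an added example, not Frenetik's code, log format or registry: it assumes a constructed `<timestamp> <event> key=value ...` auth log and a hand-made map of retired names to their retirement time, and flags any use of a retired user or host after that time while ignoring activity from when the name was legitimately in service.

```python
"""Illustrative detection: any use of a rotated-out identity or hostname is a tripwire.

Constructed example. It assumes a simple key=value auth log format and a
hand-made registry of retired names; none of this is Frenetik's own code.
"""
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Hit:
    timestamp: datetime
    field: str      # which log field matched: "user" or "host"
    name: str       # the retired name that was touched
    src: str        # source address from the log line


def parse_ts(value: str) -> datetime:
    """Parse an ISO-8601 timestamp; tolerate a trailing 'Z' on older Pythons."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def parse_auth_line(line: str) -> dict:
    """Split '<ts> <event> k=v k=v ...' into a dict (constructed log format)."""
    parts = line.split()
    fields = {"ts": parse_ts(parts[0]), "event": parts[1]}
    for kv in parts[2:]:
        key, _, val = kv.partition("=")
        fields[key] = val
    return fields


def find_honeypot_hits(lines, retired):
    """Return a Hit for every use of a retired user/host after its retirement.

    `retired` maps name -> retirement time (UTC). Use before that time is
    legitimate activity from when the name was really in service, so it is
    not flagged; use after it means someone is working from stale recon.
    """
    hits = []
    for line in lines:
        rec = parse_auth_line(line)
        for field in ("user", "host"):
            name = rec.get(field)
            retired_at = retired.get(name)
            if retired_at is not None and rec["ts"] >= retired_at:
                hits.append(Hit(rec["ts"], field, name, rec.get("src", "?")))
    return hits


# Constructed registry: these names were genuinely used, then rotated out.
RETIRED = {
    "j.doe.7f3a": parse_ts("2024-05-01T00:00:00Z"),
    "fs-q2k9.corp.example": parse_ts("2024-05-01T00:00:00Z"),
}

# Constructed log lines: legitimate use before rotation, the replacement
# identity in normal use, then two attempts against the retired names.
SAMPLE_LOG = [
    "2024-04-30T17:05:00Z LOGIN user=j.doe.7f3a host=fs-q2k9.corp.example src=10.0.4.21 result=success",
    "2024-05-02T09:14:03Z LOGIN user=j.doe.c91e host=fs-m8x2.corp.example src=10.0.4.21 result=success",
    "2024-05-02T09:15:47Z LOGIN user=j.doe.7f3a host=fs-m8x2.corp.example src=203.0.113.9 result=failure",
    "2024-05-02T09:16:02Z SMB host=fs-q2k9.corp.example user=svc-backup src=203.0.113.9 result=failure",
]

if __name__ == "__main__":
    for h in find_honeypot_hits(SAMPLE_LOG, RETIRED):
        print(f"ALERT {h.timestamp.isoformat()} retired {h.field} '{h.name}' touched from {h.src}")
```

Run as-is it prints two alerts, both from the same source: one for the retired username and one for the retired file-server name. The first log line, where the same username was used before its retirement time, produces nothing, which is what makes this signal low-noise: the names were real, so the only traffic they attract after rotation is from someone who learned them earlier and never noticed they changed.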