Cayuga Networks

Detonation

Decisis identifies 0-day attacks by safely replaying suspicious code in sandboxed detonation chambers

When running in Active mode, the Cayuga Networks Decisis™ detection engine apprehends suspicious code, creates copies, and then places the copies into a cluster of detonation chambers, or “honeywebs.”

Detonation chamber diagram

Similar to honeypots, these detonation chambers are isolated, orchestrated replicas of production web application servers. They emulate an actual production web application stack and interact with the suspicious code, creating an environment that engages the code to reveal intended malicious activity.

Decisis also automates detonation chamber management tasks by orchestrating large numbers of cloned sites. The orchestrator then analyzes the results to determine the level of risk posed by a specific piece of attack code, even code that exploits zero-day vulnerabilities.