
AVALON
Deception-Based Early Threat Detection
AVALON is DataEnforce's deception platform: it generates and distributes synthetic decoys throughout the customer's infrastructure, then monitors for any interaction. Because legitimate users have no reason to touch decoys, every alert is by construction a high-confidence signal — no tuning, no false-positive fatigue. AVALON analyses network topology and automatically generates decoys that fit the environment: phantom credentials, canary tokens, decoy file shares, shadow Active Directory objects, and fake services. Decoys are re-planned periodically so attackers cannot map the deception layout from a single foothold. AVALON can be deployed standalone or integrated with OSPREY for unified telemetry and correlated detection across endpoint and deception layers.
PLATFORM DETAILS
Deception
Proprietary DATAENFORCE technology. No third-party security components.
CAPABILITIES
Key Features
Automated Decoy Generation
Analyses network topology, Active Directory structure, and file-share patterns to automatically generate decoys that blend into the environment — filenames, hostnames, credentials, and services indistinguishable from real assets.
Multi-Layer Deception Coverage
Deploys across every layer an attacker traverses: decoy files and canary tokens on endpoints, phantom credentials in Active Directory, fake service listeners on dark IPs, decoy hosts, and internal DNS records.
Zero-Day Interaction Detection
Any interaction with a decoy is by definition suspicious — legitimate users have no reason to touch them. AVALON delivers high-confidence alerts with near-zero false-positive rate, no baseline tuning required.
OSPREY Integration
Shares the OSPREY ingestion path and console for unified telemetry. Decoy interaction events correlate with endpoint observations, enabling cross-source rules such as credential theft followed by network lateral movement.
Dynamic Re-Planning
Periodically rebuilds and relocates the deception layout so adversaries cannot map the trap perimeter from a single foothold. Decoy personas refresh on a configurable cadence.
High-Fidelity Alerting
Every alert is classified High by default. Captures full TTP context per interaction — attacker identity hash, process, source IP, decoy class, and ATT&CK stage — ready for immediate IR action.
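The cross-source rule described under OSPREY Integration (a credential decoy interaction followed by network lateral movement), shown as an added example. It is not DataEnforce code: the event fields, the 15-minute window, and every sample event are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events. Field names are assumptions for illustration,
# not the AVALON or OSPREY schema.
DECOY_EVENTS = [
    {"ts": "2024-05-01T10:00:00", "decoy_class": "phantom_credential",
     "account": "svc-backup-old", "source_ip": "10.0.4.17", "process": "powershell.exe"},
    {"ts": "2024-05-01T11:30:00", "decoy_class": "decoy_file",
     "account": None, "source_ip": "10.0.9.3", "process": "explorer.exe"},
]
ENDPOINT_EVENTS = [
    {"ts": "2024-05-01T09:50:00", "type": "remote_logon", "source_ip": "10.0.4.17",
     "dest_host": "WS-11", "account": "jdoe"},            # before the decoy hit
    {"ts": "2024-05-01T10:07:30", "type": "remote_logon", "source_ip": "10.0.4.17",
     "dest_host": "FS-02", "account": "jdoe"},            # same source, in window
    {"ts": "2024-05-01T10:09:00", "type": "remote_logon", "source_ip": "10.0.6.20",
     "dest_host": "DC-01", "account": "svc-backup-old"},  # decoy account reused
    {"ts": "2024-05-01T10:45:00", "type": "remote_logon", "source_ip": "10.0.4.17",
     "dest_host": "DB-01", "account": "jdoe"},            # outside the window
]

def correlate(decoy_events, endpoint_events, window=timedelta(minutes=15)):
    """Pair each credential-decoy hit with remote logons that follow it."""
    findings = []
    for d in decoy_events:
        if d["decoy_class"] != "phantom_credential":
            continue
        t0 = datetime.fromisoformat(d["ts"])
        for e in endpoint_events:
            if e["type"] != "remote_logon":
                continue
            dt = datetime.fromisoformat(e["ts"]) - t0
            if not timedelta(0) < dt <= window:
                continue
            # The decoy account has no legitimate use, so seeing it anywhere
            # is a stronger signal than a logon from the same source host.
            if e["account"] == d["account"]:
                reason = "decoy_account_used"
            elif e["source_ip"] == d["source_ip"]:
                reason = "same_source_logon"
            else:
                continue
            findings.append({"reason": reason, "dest_host": e["dest_host"],
                             "source_ip": e["source_ip"], "delay_s": int(dt.total_seconds())})
    return findings

if __name__ == "__main__":
    for f in correlate(DECOY_EVENTS, ENDPOINT_EVENTS):
        print(f)
```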
DEPLOYMENT
Use Cases
- Early detection of APT lateral movement in government and defence networks
- Insider threat corroboration via credential and file decoys on sensitive endpoints
- Network reconnaissance detection before exfiltration reaches real assets
- Active Directory enumeration alerting against BloodHound, Kerberoasting, and pass-the-hash
- Zero-day attack surface reduction across enterprise workstation and server fleets