Cymmetria’s MazeRunner® is used by Fortune-100 enterprises and government agencies to detect targeted and evasive APTs and zero-day (0-day) exploits that breached their networks, bypassing modern and
extensive cyber protection frameworks. MazeRunner scales easily to enterprise-level networks, with
deployments of more than 100,000 endpoints.

MazeRunner identified APTs from Iranian, Chinese, and other affiliations and assisted in the Incident
Response efforts. Additional information is provided later in this document in the case studies.
MazeRunner also provides detection and investigation capabilities that are agnostic to attack surfaces,
vulnerabilities, and payloads, by using the attackers' own activities to detect them.


Founded in 2014, Cymmetria is focused on changing the asymmetry of cybersecurity, tilting the traditional
security odds so that hackers are the ones who are left vulnerable. Cymmetria’s cyber deception solution,
MazeRunner, is at the forefront of deception-based cybersecurity technology.


Cyber deception leverages the fact that attackers always follow a predictable attack pattern: reconnaissance,
lateral movement, and exploitation. When attackers are targeting sensitive business processes and assets,
deception technology creates a controlled path for them to follow. Attackers are diverted from
organizational assets and into controlled environments, giving defenders the upper hand in detection,
investigation, and mitigation.


MazeRunner gives organizations a solution for creating effective deception stories. Deception stories, which
are composed of breadcrumbs and decoys, lead attackers to believe that they have successfully gained
access to a target machine. Breadcrumbs are data elements (such as credentials) that lead attackers to
decoys. Decoys are machines that run live services; when they are attacked, MazeRunner raises an alert and
gathers forensic data.


ActiveSOC dispatches deception on demand to automatically handle SOC events. By automatically deploying
deception tailored to specific suspicious behavior (e.g., privilege escalation or abnormal traffic), ActiveSOC is
able to create new intelligence out of “below-the-threshold” events, and also validate events that might
otherwise be ignored by analysts.


MazeHunter engages with verified live attackers, takes their toolset from attacker-side infrastructure in your
environment, determines the depth of the breach, and contains them