TL;DR
- ThreatWise uses deception technology to detect attackers early by deploying decoy systems and lures that attract threat actors away from production assets while generating high-fidelity alerts.
- The TSOC management console provides centralized monitoring, sensor management, and real-time threat analysis, serving as the operational hub for the entire deception infrastructure.
- Appliances can be deployed on physical or virtual infrastructure, with each supporting up to 500 threat sensors ranging from simple device emulations to fully interactive operating systems.
This architectural overview introduces Commvault Cloud ThreatWise, a deception-based threat detection and response solution designed to identify attackers early in the kill chain without exposing production assets. The video walks through the complete ThreatWise architecture, starting with the TSOC (Threat Security Operations Center), which serves as the centralized management console for monitoring alerts, managing sensors, and analyzing threats in real time. Appliances form the operational backbone, hosting emulation sensors and optional network intelligence sensors across both physical and virtual infrastructure, with each appliance capable of supporting up to 500 threat sensors for broad network coverage.

The deception strategy employs lures—digital breadcrumbs designed to attract attackers—that guide threat actors toward decoy systems rather than legitimate production assets. Sensors range from simple emulations like security cameras and printers to fully interactive Windows or Linux systems that enable deep behavioral analysis of attacker techniques. When attackers engage with these deceptive elements, events are logged and alerts are forwarded to both the TSOC and SIEM platforms via syslog for rapid response.

The video concludes with a practical deployment scenario showing how SQL server sensors create a protective network of decoys around a critical database server, demonstrating how the layered deception approach significantly reduces the probability of successful attacks on real assets.
Chapters
0:00 - Introduction to ThreatWise
0:16 - TSOC Management Console
0:31 - Appliances and Sensors
1:04 - Lures and Deception Strategy
1:57 - SQL Server Protection Example
Key Quotes
0:31 "This is where the magic happens. Appliances host the emulation sensors and, optionally, the network intelligence sensor."
1:04 "Lures are the breadcrumbs that lead attackers to the traps and sensors distributed across your network. Lures are designed to be irresistible to attackers, guiding them directly into your deception environment."
2:36 "This is how we safeguard our assets. Proactive, strategic, and effective."