The Solution

Uses malware's defenses against it

Shaping attackers decision making

Deceptive Bytes provides an innovative solution against threats in enterprises’ most critical and exposed assets, their endpoints!
The solution is a fully endpoint-centric deception platform that creates dynamic & deceptive information, responds to the evolving nature of advanced threat landscape and interferes with attackers attempts to recon the environment that deters them from executing their malicious intents, through all the stages of compromise in the Attack Kill Chain – covering advanced & sophisticated malware techniques, constantly making sure all the endpoints & data in the enterprise are secured in several ways…

Preemptive Defense

Making malware believe it’s in an unattractive/hostile environment to attack, reducing its motivation and the chance of infection, e.g. by creating a sandbox/VM environment which deter malware.

Proactive Defense

Actively responding to threats as they evolve, changing the outcome of the attack through all the stages of the Endpoint Kill Chain, e.g. by deceiving and stopping Ransomware, thinking it succeeded encrypting the files as the solution safeguard them.

Prevent never-seen-before cyber-attacks


One user-mode process to prevent all types of threats

< 20 %

Operates when needed, no scans means no unnecessary CPU usage

< 99 MB

Only necessary memory is used which lowers memory consumption

< 9 MB
Disk Space

Free of threats database means no unnecessary disk space is used

> 0 %
Prevention Rate

Using malware defenses insures high prevention rate


Providing multi-stage protection through the Endpoint Kill Chain


Simple, Effective!

Preemptive & Proactive​

The deception based solution uses common defenses malware uses against it and prevents threats without using signatures, patterns or prior knowledge.

More than 98% of all malware use evasion techniques. Deploying these techniques against malware helps increase prevention & detection rates substantially.

The solution identifies malicious behavior during execution even if no evasion technique was used, thus detecting & stopping threats in real time.


Since the solution doesn’t scan everything, its footprint is extremely low and it doesn’t impact user experience.

Uses <0.01% of CPU, <20MB of memory.

The solution doesn’t need to scan everything, it only handles unknown processes.

The thin agent (<1.5MB) deploys in seconds and operates immediately without rebooting.


The solution doesn’t need to be updated frequently since it uses common techniques malware uses which don’t update often.

No constant updates means that the solution can operate in air-gapped, isolated environments or by remote employees - keeping the endpoint secure.

Integrating 1 evasion technique can potentially stop millions of threats that use the same technique, even future ones.


The thin agent operates in user-mode, meaning it can’t cause system failure or used as a point of entry for potential attackers & gain full access to the OS.

Making sure your environment is running smoothly, the solution automatically approves OS processes and other security solutions.

The solution creates various environments/tools against malicious behaviors, triggering high-fidelity alerts and reducing the F/P rate close to none.

Effective Against

One agent to protect IT all

Solution Engines

Stop malware in Its tracks


Making malware believe it’s in an unattractive/hostile environment to attack & actively responding to it as it evolve - changing its outcome.


Protects legit applications used for malicious attacks.

App Control

Manages applications' execution, allowing or blocking apps according to policy.


Controls Windows Defender settings on the endpoint through the management server and receive detections to it.

Network Defnese

Controls Windows Firewall configuration on the endpoint.

Threat Intel

Blocks known threats using web gathered information.

Solution Integrations​

stronger Together

Windows Defender & Firewall

It’s not just a deception platform, it’s an EPP with EDR-like capabilities when integrated to Windows Defender & Firewall, giving defenders extra security layers to protect their endpoints without the added complexity, costs or burden.

Deceptive Bytes’ platform controls Defender & Firewall on one hand and get threat notifications on the other, giving full visibility when connected.

The integration supports Windows 7 SP1 and above, Windows 2008 R2 and above, giving IT/Security teams the peace of mind when managing old operating systems.


Request a demo or send us a message