Deception Technology | Honeypot Platform | AI-Powered SSH | MITRE ATT&CK | Zero False Positives

Add Deception Technology to Your Portfolio.

Deploy realistic decoys across client networks to detect intruders, capture credentials, and map attacker behavior in real time. White-label ready for MSSPs and security vendors.

If someone touches a decoy, they are not a legitimate user. Zero false positives.

Try Mirage — Instant Access

No credit card. Instant read-only access.

Features

Not just honeypots. A complete deception platform.

Mirage combines Digital Twins, artificial intelligence, and threat intelligence to create an active defense layer that learns from attackers. Add it to your security stack and give clients visibility they never had.

Digital Twin Technology

14 pre-built device personas with pixel-perfect login pages: Windows File Server, Linux Web, NAS Synology, Printer, Domain Controller, ESXi, Proxmox.

AI-Powered SSH

Interactive SSH sessions powered by GPT-4o-mini that deceive attackers with realistic responses and log every command.

Real-Time Detection

Instant alerts when an attacker interacts with a decoy. Captures credentials, records sessions, tracks every move.

MITRE ATT&CK Mapping

Every event is automatically mapped to MITRE ATT&CK techniques, providing immediate tactical context on every attack.

Global Attack Map

Real-time Leaflet map showing the geographic origin of attackers with details on IP, ASN, and frequency.

Honeytokens & Canary Credentials

Fake credentials, API keys, and documents that trigger alerts when used. Canary credentials detect leaks on production servers.

Automated Monthly Reports

Auto-generated executive reports with recommendations, trends, statistics, and actionable insights for management.

Flexible Agent + Sensor

Lightweight Go single-binary agent for rapid coverage, or full-stack Docker sensor with AI for maximum fidelity. Deploy in minutes.

How it works

Three Steps to a Smart Trap.

Three steps to turn any network into an intelligent trap for attackers. Offer deception as a service to your clients in minutes.

01. Deploy Decoys

Distribute honeypots and sensors across the network in minutes. Go single-binary agent or full Docker stack.

02. Detect Intruders

Every interaction with a decoy generates instant alerts. Captures credentials, records sessions, maps ATT&CK techniques.

03. Respond & Learn

Analyze attacker behavior, generate reports, and continuously improve security posture.

Digital Twin

14 Digital Twins Ready to Deploy.

Every decoy faithfully replicates a real device: pixel-perfect login pages, authentic service banners, protocol-consistent responses.

An attacker scanning the network will see Windows servers, Synology NAS, and VMware hypervisors indistinguishable from the real ones. But every interaction is logged, analyzed, and mapped.

The more decoys you deploy, the more visibility you gain.

🖥️ Windows File Server: SMB, RDP
🐧 Linux Web Server: SSH, HTTP, FTP
💾 NAS Synology: DSM, SMB, FTP, SSH
🖨️ Network Printer: HTTP, RAW, LPR
🏛️ Domain Controller: SMB, LDAP, Kerberos, RDP
☁️ VMware ESXi: vSphere, SSH, HTTPS
🔧 Proxmox VE: Web UI, SSH, Spice, VNC
🗄️ Database Server: MySQL, PostgreSQL, SSH
📧 Mail Server: SMTP, IMAP, Webmail, SSH
📞 VoIP PBX: SIP, Admin UI, SSH
💿 Backup Server: Web UI, SSH, SMB
🔒 VPN Gateway: HTTPS, OpenVPN, SSH
🐳 Docker Registry: HTTPS, SSH
🏭 SCADA / HMI: Modbus, S7, HMI Web, SSH

Dashboard

The Dashboard in Action.

Every event, every attacker, every technique: all in one interface designed for operational clarity. Show your clients exactly what is happening inside their network.

mirage.securitixsolutions.com/dashboard

Dashboard Overview

LIVE
Events Today: 47
Active Honeypots: 12
Unique IPs: 23
Credentials: 8
Chart: Events last 7 days (Mon, Tue, Wed, Thu, Fri, Sat, Sun)

mirage.securitixsolutions.com/attack-map

Attack Map

3 LIVE ATTACKS
185.220.101.x | Russia | SSH Brute Force | 2s ago
45.148.10.x | China | HTTP Login | 15s ago
92.118.39.x | Netherlands | SMB Scan | 1m ago

mirage.securitixsolutions.com/events

Recent Events

TIMESTAMP | HONEYPOT | ATTACKER IP | TYPE | MITRE ATT&CK | SEVERITY
14:32:01 | WIN-FS01 | 185.220.101.x | Credential Capture | T1078 | CRITICAL
14:31:45 | LNX-WEB02 | 45.148.10.x | SSH Session | T1021.004 | HIGH
14:30:12 | NAS-SYN01 | 92.118.39.x | Port Scan | T1046 | MEDIUM
14:28:33 | DC-01 | 103.75.201.x | LDAP Enum | T1087.002 | HIGH
14:25:07 | ESXI-01 | 179.43.175.x | HTTP Login | T1190 | CRITICAL

Plans & Pricing

Plans & Pricing.

From experimentation to enterprise protection. Choose the plan that fits your reality. All plans are per-client for MSSP and vendor deployments.

Starter

One agent in your network to prove deception technology with real attack data.

15.00 /Month
Billed annually

Built for: SMBs who want to see deception in action, observe real attacks, and understand the value before scaling.

What's Included:

1 deployable agent
14 built-in Digital Twin templates
AI-powered interactive SSH (GPT-4o-mini)
Event dashboard (last 7 days)
Email alerts
Automatic MITRE ATT&CK mapping

Not included:

Honeytokens & Canary credentials
Monthly reports
Live Attack Map
Slack/Teams webhooks
Recommended

Professional

Full deception with AI, honeytokens, attack map, and automated monthly reports.

69.00 /Month
Billed annually

Built for: SMBs that need active deception, early warning, and full visibility into attacker behavior.

What's Included:

Unlimited agents & sensors
14 built-in Digital Twin templates
AI-powered interactive SSH (GPT-4o-mini)
Honeytokens + Canary credentials
Automatic MITRE ATT&CK mapping
Full dashboard (unlimited history)
Live Attack Map + Monthly reports
Webhook alerts (Slack/Teams)

Not included:

Presidio XDR integration
Custom Digital Twin templates
REST API documentation

Enterprise

Enterprise deception with XDR integration, custom templates, REST API, and dedicated support.

159.00 /Month
Billed annually

Built for: Organizations with internal SOC, MSSPs, compliance requirements, and existing SIEM/XDR integration needs.

What's Included:

Everything in Professional
Presidio XDR integration (Wazuh SIEM)
Canary credentials on production servers
Custom Digital Twin templates
REST API documentation
Dedicated support + SLA

Comparison

Why choose Mirage?

Head-to-head comparison with the leading competitors on the market. See why vendors and MSSPs are adding Mirage to their portfolio.

Feature | Securitix Mirage | Thinkst Canary | SecurityHive | T-Pot (OSS)
Annual price (entry) | €228/yr | $5,000/yr | €900/yr | Free
AI-Powered SSH | ✅ GPT-4o-mini
Digital Twin templates | 14 + custom | ~15 | ~10 | 20+ (basic)
Realistic login pages | ✅ Pixel-perfect | Partial
MITRE ATT&CK mapping | ✅ Automatic | Partial
Live Attack Map | ✅ + Public | ✅ ELK
Monthly reports | ✅ Auto-generated
XDR / SIEM | ✅ Wazuh native | Webhook/Syslog | In development | ELK built-in
Honeytokens | ✅ 4 types | ✅ 20+ types | Limited
EU Data Residency | ✅ On-prem | ❌ AWS US | ✅ EU | ✅ Self-host
Self-serve demo | ✅ Instant | 14 days
Multi-tenant
SCADA/OT support | ✅ Modbus, S7 | Conpot
Setup time | 5 minutes | 5 minutes | 5 minutes | 1+ hours

Data updated March 2026. Prices and features may vary. Thinkst Canary acquired by CrowdStrike (June 2025).

FAQ

Frequently Asked Questions.

Everything you need to know about deception technology and how Mirage protects your network.

Honeypots are decoy systems that simulate real servers, devices, and services. Any interaction with them is suspicious by definition, because no legitimate user should ever access them. This eliminates false positives and provides extremely high-confidence alerts.

Our AI SSH is powered by GPT-4o-mini with device-persona-specific prompt engineering. It simulates filesystems, commands, and responses consistent with the emulated OS. In our tests, attackers interact for an average of 12 minutes before suspecting anything—more than enough time to gather intelligence.

No. Mirage operates completely passively with respect to your production infrastructure. Decoys are separate systems that sit alongside your existing network. The lightweight Go agent is a single binary with zero dependencies.

With the Enterprise plan, Mirage integrates natively with Presidio XDR (Wazuh SIEM) via a dedicated bridge. Events are automatically sent to the SIEM with MITRE ATT&CK context, enabling correlation with events from real infrastructure.

Canary Credentials are decoy credentials placed on real servers (not honeypots). If an attacker finds and attempts to use them, an immediate alert fires. This detects intrusions on real production systems, not just decoys.

Absolutely. The Starter plan requires zero advanced configuration. The dashboard translates every event into clear language with priorities and recommendations. You don't need a SOC to start using deception technology.

Add Deception Technology to Your Security Portfolio.

Every minute without deception is a minute an attacker can move through the network unseen. Give your clients the visibility that traditional tools miss.

Start free. No credit card required. Deploy in 5 minutes.