Case Study: Sandia National Laboratories achieves real-time threat intelligence and deception-driven adversary profiling with Splunk

A Splunk Case Study

Preview of the Sandia National Laboratories Case Study

Leveraging HADES for Advanced Threat Intelligence

Sandia National Laboratories, a U.S. NNSA research lab, developed the High Fidelity Adaptive Deception and Emulation System (HADES) to address increasingly sophisticated and targeted cyber threats. The challenge was a growing gap in real‑time threat intelligence and adversary understanding—traditional tools provided after‑the‑fact forensics but not the live visibility needed to profile and engage attackers without tipping them off.

HADES, built on the Splunk platform, fuses host, network, OS and payload data to provide automation‑driven, real‑time deception and analyst collaboration. The solution delivers end‑to‑end visibility, dynamic IOCs, high‑precision timelines and curated dashboards—enabling fast deployment (queries live in a day), reduced false positives, detection of lateral movement, and proactive defenses that minimize or prevent damage while shifting costs to the adversary.



Sandia National Laboratories

Vincent Urias

Cybersecurity Research Strategist

