Post by Yuval Malachi, TrapX Security CTO, Vice President and Co-Founder
Current products supporting enterprise defense-in-depth strategies have proven to be increasingly vulnerable to some of today’s advanced persistent threats (APTs). The reasons are clear: the changing array of attack vectors and rapidly evolving new malware are bypassing or defeating attempts to identify them based upon the use of signatures. We believe that deception technology has clearly emerged as a new category of cyber defense that can better empower security operations centers (SOCs) and response teams to deal with the APT challenge. Let’s take a closer look.
Defense-in-depth cyber protection strategies are generally based upon using several layers of defense. These layers may include technologies such as antivirus, intrusion detection and prevention systems, firewalls and endpoint protection. All of these are based upon signature analysis. Malware is evolving in real time, through the easy availability of tools that enable hackers to defeat these defense-in-depth strategies. Every sample can be crafted to present a new and unique signature, literally manufactured uniquely using existing malware as a starting point. Encryption can also camouflage malware as it moves past perimeters and filter points.
To make matters worse, many of these legacy technologies require a considerable amount of work for deployment. Distributing agent technology to every desktop is complex and time-consuming. This complexity is managed at a significant cost in large companies, but can be overwhelming to small and medium businesses, which really cannot afford the resources. And of course, despite this considerable investment, the signature-based strategy is still just not working anymore.
Deception technology delivers significant advantages at lightspeed. This newest class of deception technology can support and protect the largest organizations in the world. The “honeypot” has been replaced with products such as DeceptionGrid™ which can now deploy at enterprise scale in production end-user, data center and cloud environments. All of this deployment and set-up is automated – from installation to operational reporting. These deception nodes (malware traps) are placed throughout the enterprise. As core security infrastructure, they are never touched in normal operations. Only the lateral movement of APT malware already inside your network, or the operation of unauthorized reconnaissance tools by bad actors within your enterprise, will cause an alert. Regardless of the sophistication of the nation state or crime syndicate, if they touch any of the malware traps in the architecture they are instantly detected.
Deception technology addresses and resolves the weakness inherent in signature-based approaches. Our automation substantially reduces the cost and complexity for any size enterprise.
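The detection principle described above, as an added example that is not TrapX or DeceptionGrid™ code: because traps are never touched in normal operations, no signature is needed, and any flow whose destination is a trap is an alert. The flow-record format, the addresses and the function names are assumptions constructed for this example.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample data: addresses of deployed deception nodes (assumption).
DECOYS = {ip_address("10.0.5.40"), ip_address("10.0.9.12"), ip_address("10.0.9.77")}

# Constructed flow records, one per line: "timestamp src dst dst_port".
SAMPLE_FLOWS = """\
2024-01-10T09:00:01Z 10.0.2.15 10.0.1.10 443
2024-01-10T09:00:07Z 10.0.3.22 10.0.5.40 445
2024-01-10T09:00:08Z 10.0.3.22 10.0.9.12 445
2024-01-10T09:00:09Z 10.0.3.22 10.0.9.12 3389
this line is malformed
2024-01-10T09:02:30Z 10.0.2.15 10.0.1.11 22
2024-01-10T09:05:00Z 10.0.4.8 10.0.9.77 22
"""

def parse_flow(line):
    """Return (timestamp, src, dst, port), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return parts[0], ip_address(parts[1]), ip_address(parts[2]), int(parts[3])
    except ValueError:
        return None

def decoy_alerts(flow_text, decoys):
    """Group every connection to a decoy by source host; each entry is one alert."""
    hits = defaultdict(lambda: {"first_seen": None, "decoys": set(), "ports": set(), "count": 0})
    for line in flow_text.splitlines():
        rec = parse_flow(line)
        if rec is None or rec[2] not in decoys:
            continue  # production traffic and unparseable lines raise no alert
        ts, src, dst, port = rec
        entry = hits[str(src)]
        # Same-format UTC ISO 8601 timestamps sort correctly as strings.
        if entry["first_seen"] is None or ts < entry["first_seen"]:
            entry["first_seen"] = ts
        entry["decoys"].add(str(dst))
        entry["ports"].add(port)
        entry["count"] += 1
    return dict(hits)

if __name__ == "__main__":
    for src, info in sorted(decoy_alerts(SAMPLE_FLOWS, DECOYS).items()):
        print(src, info["first_seen"], sorted(info["decoys"]), sorted(info["ports"]))
```

Grouping by source gives the response team the set of traps and ports each host touched, which separates a single lateral-movement attempt from a host sweeping several traps.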
To learn more about the benefits you can easily download a free trial and see how DeceptionGrid™ works. Please try DeceptionGrid™ out and let me know what you think. Here is the link to our Download. Check it out.