By: Joseph Tso, CISSP, CISM
As cyber threats continue to evolve and become more elaborate, organizations are struggling to find ways to protect their informational assets. The need for security controls to keep up with these threats is becoming increasingly important. The priority for most companies is to find an endpoint/perimeter security control to detect intrusions, because the endpoints are the focal point of most intrusions. Endpoint detection is not enough: once a hacker establishes command and control and bypasses endpoint/perimeter security, the first thing they will do is look for more targets and compromise additional systems.
Defense in Depth Methodology
A defense in depth mindset is required to address this issue. Augmenting security controls has become a necessity if an organization wants to achieve a stronger security posture. A single control is not enough in the current threat landscape; for a cyber program to be successful and efficient, a company needs to adopt a defense in depth approach. Applying security controls on top of security controls provides a strong defense against cyber threats. The additional layers make it harder for a hacker to penetrate and access data. Deception controls are a layer of defense that is now becoming a requirement for businesses.
Deception technology is not an area of cybersecurity controls that most organizations have or understand. For those that do understand deception, the first thing that comes to mind is Honeypots. Honeypots are a form of deception traditionally used in defense in depth strategies. Honeypots are decoy systems used to lure hackers into attacking a fictitious system that looks like the real thing. Honeypots are great for early detection or further threat hunting. However, traditional Honeypots are tedious to set up and can only emulate known and commonly used systems like a Microsoft Server. It is difficult for a company to create a full Honeypot network that includes other assets such as switches, IoT devices, medical devices or even industrial SCADA devices. Traditional Honeypots do not have this capability; thus, it is time to declare that traditional Honeypots are dead. Hackers are getting smarter and can recognize simplistic Honeypots. It is time to move to a next generation Honeypot.
Next Generation Honeypots and TrapX
Deception technology vendors such as TrapX Security specialize in next generation Honeypots. Imagine the possibility of simulating a full-blown hospital operation with medical devices, IoT monitors, and fake PHI data. In the eyes of the hacker, they have struck gold. The ability to trap and contain a hacker within a Honeypot environment will ensure your critical assets stay safe. TrapX Security’s solution, the DeceptionGrid, can emulate a multitude of systems easily through automation but, most importantly, can simulate systems that are normally not possible in a traditional Honeypot system. Databases, point-of-sale systems, workstations, routers, switches, ATMs, servers, and SCADA are some of the types of deception Honeypots you can deploy with TrapX Security. Imagine being able to trap a hacker and continue to lure them down a rabbit hole, all while making sure your informational assets stay safe. With the DeceptionGrid, once you have the intruder caught in its traps, you can continue to spin up additional traps, keeping the intruder occupied while you collect data, forensics, and threat intelligence.
If deception technology is on your roadmap, then TrapX Security is the company that you need in your environment.
Endpoint detection is not enough by itself to stop intruders; you need to augment your security posture by adopting defense in depth. TrapX Security has the solution to help bring your security posture to the next level.
Joseph Tso is a Cybersecurity Professional with over 20 years of Information Technology field experience with a focus on creating and managing cybersecurity programs. His expertise includes Cyber/IT Risk Management, Data Governance, Security Governance, Incident Response, and Privacy Management. Joseph has worked in a broad range of industries such as Finance/Insurance, E-commerce, Entertainment, Fashion, and Aerospace. Joseph has extensive knowledge of cyber law and regulations, including but not limited to NYS DFS Cybersecurity Regulations, EU GDPR, and HIPAA. Joseph has experience with cybersecurity frameworks such as NIST, COBIT, and ISO 27001. Joseph has participated in speaking panels discussing Cyber Regulations. Joseph has professional certifications in CISSP, CISM, ITIL Foundation, Six Sigma Green Belt, and ACE: AccessData Certified Examiner for Forensics. Joseph Tso is a Summa Cum Laude graduate of Pace University with a B.S. in Computer Forensics and is expecting his Master of Science in Information Security and Assurance, which is sponsored by NSA/DHS, from Embry-Riddle Aeronautical University in 2018.