TrapX Security’s DeceptionGrid rapidly detects, deceives and defeats attacks in real-time. It provides automated, accurate insight into malicious activity observed by other types of defense tools. It offers accurate breach detection with almost zero false positives and is easy to deploy. The analytic technology and level of automation are differentiators for this solution. TrapX prides takes pride in offering heavily documented use-cases.
DeceptionGrid’s distributed architecture starts with TrapX Security Operation Console. Typically, only one console is needed and sits in the cloud. The TrapX appliance sits under the highly scalable, multitenant platform. The appliance can distribute bait, or rather DeceptionTokens, to maximize the attractiveness of traps and decoys. DeceptionTokens are essentially the attributes of traps. An additional emulated trap provides high interaction and 512 traps are possible per appliance with dozens of DeceptionTokens on each endpoint.
Deception is conducted leveraging endpoint lures, network traps, and application traps. Breach detection and malware analysis alert on events and visualized with attack timeline. Endpoint tokens, Active Directory tokens, scan responses, and fake network traffic help protect against reconnaissance.
Deception is accomplished utilizing bait (fake data and configurations on real endpoints that lure attackers to the traps) and traps (are fake attack surfaces that have been camouflaged as network connected assets). Traps, including full OS traps, are tailor-made, leveraging patented technology, and have very low research requirements.
Employing the DeceptionGrid creates a proactive security posture that fundamentally halts the progression of an attack and simultaneously shifts the cost from the victim to the attacker, changing the economics of cyberattacks.
The product can deploy shadow networks within minutes. Beginning with discovery, it automatically collects information then deploys and camouflages traps to match the real assets within an environment. Automatic bait deployment follows to lure attackers from real assets to traps.
Organizations can set up traps manually or automatically – with the latter done through asset discovery, allowing the system to choose or recommend the best trap. Security teams can leverage third-party inventories, for example, by obtaining information from Active Directory and allowing the system to choose what would be best.
We love the BYOT (Build Your Own Trap) community idea because it allows for collaboration on deceptive countermeasures, sharing deception strategies, accessing new trap types and using third-party connectors. By sharing all that security teams can enhance the effectiveness of deception against cyber attackers.
The solution provides top-to-bottom forensic information, which is automatically sent to the sandbox for analysis. Once the results are sent back and analysis is completed, they are displayed in an easily readable report.
Attack Visualization shows elements of an attack, like connections, giving SOC teams or analysts better understanding of what is currently happening in the system to see if there are any common steps or traps attackers are using.
Impressive items on the horizon for DeceptionGrid include attack intelligence sharing, anonymous data sharing, SAP traps, collection of attack information detected by a deployment, sending anonymized information to the Attack Intelligence Server and data analysis for TTPs and trends.
Starting price is $3,000 per sensor.
Tested by: Matthew Hreben