Part 2: Solving the Honeypot Dilemma: Countering: Dormant Threats Inside Your Agency’s Networks
In my last blog, we talked about the dilemma of using honeypots. On the one hand, honeypots can be a great way to catch the bad guys; on the other hand, they can be costly and, if the attackers are clever enough honeypots can actually be used against the agency.
Here at SwishData, we constantly look for vendors with new and innovative technologies that can help our customers achieve their cyber security objectives. We’ve found one that solves the honeypot dilemma: TrapX Security
TrapX Security specializes in creating a DeceptionGrid of honeypots to foil attackers already inside your agency’s perimeter. What makes the TrapX product unique is that it emulates Windows, Unix, and Linux systems with a variety of patch levels and security flaws. All of these honeypot machines reside in an isolated virtual environment within the TrapX appliance, luring out dormant malicious software from within your information infrastructure.
This automated honeypot appliance avoids the two aforementioned problems. Because it only emulates OS and application holes to the network, there is no need to license any of them. And since it’s an appliance that is not actually running any recognizable OS to the outside world, it is not going to be taken over and used against the agency.
TrapX DeceptionGrid automates the deployment of a network of camouflaged malware traps that are intermingled with your real information technology resources. The traps appear identical in every way to your real IT assets. Once malware has penetrated your enterprise, it starts moving laterally to find high value targets. Just one touch of the DeceptionGrid by malware sets off a high confidence ALERT. Real-time automation isolates the malware and delivers a comprehensive assessment directly to your SOC and response teams.
This disrupts the basic pattern of APT deployment. At the first moment of reconnaissance and lateral movement, the APT is identified positively. Automation adds powerful level 3 forensics so that your SOC team has an almost immediate understanding of the nature of the attack. You can begin rapidly to implement the best path for remediation and removal. No other vendor can provide these powerful capabilities at comprehensive levels of scale and with our unique levels of automation.
Furthermore, TrapX is now part of the Intel Security Innovation Alliance (SIA) program and fully integrates with Intel Security/McAfee Advanced Threat Defense (ATD) sandbox. TrapX DeceptionGrid directly integrates into the McAfee ATD to provide seamless access to the McAfee Threat Intelligence Exchange (TIE). Sharing the actionable intelligence produced by DeceptionGrid in real time allows customers to rapidly counter internal threats and attackers by automatically adapting their defense via this tightly coupled joint solution. You can find out more about TrapX and Intel Security/McAfee integration [here].
For more information about this solution, check out this whitepaper.