TrapX recently announced the release of CryptoTrap™, a new tool aimed at helping enterprises detect and combat a rising tide of sophisticated ransomware attacks. We therefore interviewed Anthony James, CMO of TrapX Security, to learn more.
Can you tell us more about TrapX?
Started in 2011, TrapX Security has a founding team that includes individuals with considerable experience in cyber defense in both the government and commercial cyber defense markets.
The team identified early on that traditional defense-in-depth cyber technologies that primarily defended the perimeter have struggled against a rising tide of sophisticated human attackers. While both firewalls and endpoint security work well most of the time, they cannot alone defend a perimeter with 100 percent certainty, and over time we have seen that cyber attackers are increasingly penetrating these traditional defenses. It has become clear that cyber attackers can penetrate these networks and then continue to move unimpeded for many months, stealing data and intellectual property.
Our product DeceptionGrid™ deployed deception technology to both commercial and government markets beginning in 2014. In developing deception, it was important to spend time considering the point of view of the human attacker and the attacker’s methodology for exploiting and navigating networks to identify and exfiltrate data. Deception technology fills the gap and extends the power of traditional cyber defense. We integrate with existing technologies to provide new visibility into the internal networks and share our high probability alerts and threat intelligence with the existing infrastructure. Our Traps (decoys) are emulations of real information technology assets interspersed between real IT assets on the networks. Our Deception Tokens (lures) are fake endpoint pointers that redirect attackers to the deployed Traps. Together, these Traps and Tokens provide a blanket of protection against attackers who have successfully penetrated the network perimeter.
Today we have business operations in Asia, the Americas, Europe and the Middle East, and continue to add new accounts globally. We have more than 75 employees and consistently add headcount on a monthly basis, regularly raising money and expanding our team to meet the demand of a growing and robust cyber security market.
The technical innovation of deception technology has been well received by industry experts. Gartner highlighted deception as one of the ten top technologies for information security in 2016, predicting that “by 2018, 10 percent of enterprises will use deception tools and tactics, and actively participate in deception operations against attackers.”
Meanwhile we are frequently recognized by the media for our leadership in this space. In particular, the media has aggressively covered several reports published by our research division TrapX Labs. Among other things, these reports identified new threats such as MEDJACK (medical device hijack), Zombie Zero (pre-installed malware in newly manufactured barcode readers in China) and vulnerabilities within internet of things (IoT) devices such as the NEST™ thermostat.
Additional background on TrapX can be found in media coverage: https://trapx.com/coverage/
Why did you decide to build the CryptoTrap™ tool?
Historically, sophisticated human attackers have focused on quietly infiltrating hospital networks and long-term data theft. While these attackers put their efforts into monetary gain, in the vast majority of cases they did not seek to impact hospital operations or harm patients.
Over the past year, most of our customers have faced a growing volume of ransomware tools and attacks. Customers in the healthcare industry have been particularly concerned because of ransomware’s potential to disrupt ongoing operations. Shutting down a magnetic resonance imaging system for example could cost the hospital many tens of thousands of dollars per day, while the inability to access critical patient data could drastically affect the quality of patient care.
Finally, in July 2016, the Health and Human Services agency mandated that ransomware attacks be considered data breaches under HIPAA, creating additional concern in the healthcare industry about the adjustments to risk assessments required for compliance, as well as additional uncertainty around preventing and remediating these types of attacks.
These driving forces compelled us to create a custom solution based on deception technology, which provided the most effective means for directly addressing the ransomware threat.
What challenges were you faced with when building CryptoTrap™?
Perpetrators of most malware attacks move slowly and stealthily, with the aim of quiet data theft.
Ransomware, in contrast, moves very rapidly. Existing market solutions addressed ways to encrypt the data, but we did not find anything effective enough to stop an in-progress attack in real time. Subsequently, we used our core technologies to build the CryptoTrap™ module so that we could move as fast as ransomware.
Designed and built for speed, CryptoTrap™ protects critical systems and data by creating fake network-based file systems and enticing ransomware to attack them before it can spread.
How can CryptoTrap™ stop ransomware?
Essentially, CryptoTrap™ provides ransomware with the high-value data that it seeks. As ransomware navigates throughout an infiltrated network in search of shared file repositories, it discovers fake file systems (traps) placed by CryptoTrap™ and linked from actual endpoints. The traps comprise large volumes of data that effectively hold it captive, while simultaneously alerting the security operations team about the attack. Once it identifies the attack in the starting phase, CryptoTrap™ then provides valuable insights into the source, as well as other potential indicators of compromise (IOCs). From there, the CryptoTrap™ tool shuts down the origin points for the ransomware code within the network.
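The decoy-file-share idea described above, reduced to its detection core as an added example (this is illustrative code written for this article, not TrapX's product): seed a directory with decoy files, record a baseline, and on each rescan raise an alert when a decoy goes missing or is rewritten, classifying a high-entropy rewrite as encryption. The decoy names and the share path are constructed for the example; correlating the write back to the originating client, as the interview describes, would need the file server's session logs and is outside this snippet.

```python
import hashlib
import math
from collections import Counter
from pathlib import Path

# Constructed decoy names: chosen to look like the "high-value" files ransomware seeks.
DECOY_NAMES = ["Q3_financials.xlsx", "patient_records_backup.csv", "passwords.docx"]


def seed_decoys(share: Path) -> dict:
    """Write decoy files into the (hypothetical) decoy share; return name -> SHA-256 baseline."""
    share.mkdir(parents=True, exist_ok=True)
    baseline = {}
    for name in DECOY_NAMES:
        path = share / name
        # Low-entropy plaintext filler so an encrypting rewrite is easy to distinguish.
        path.write_bytes(f"decoy content for {name}\n".encode() * 64)
        baseline[name] = hashlib.sha256(path.read_bytes()).hexdigest()
    return baseline


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ciphertext approaches 8.0, ordinary documents stay well below."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def scan_decoys(share: Path, baseline: dict, entropy_threshold: float = 7.0) -> list:
    """Rescan the share against the baseline; return one alert dict per suspicious change."""
    alerts = []
    for name, digest in baseline.items():
        path = share / name
        if not path.exists():
            # Deleted or renamed (ransomware commonly appends an extension such as .locked).
            alerts.append({"file": name, "event": "missing"})
            continue
        data = path.read_bytes()
        if hashlib.sha256(data).hexdigest() == digest:
            continue  # untouched decoy, nothing to report
        ent = shannon_entropy(data)
        event = "encrypted" if ent >= entropy_threshold else "modified"
        alerts.append({"file": name, "event": event, "entropy": round(ent, 2)})
    # Files nobody should have created (ransom notes, renamed copies) are alerts too.
    for path in share.iterdir():
        if path.name not in baseline:
            alerts.append({"file": path.name, "event": "unexpected"})
    return alerts
```

Nothing legitimate ever writes to the decoy share, so any non-empty result from scan_decoys is a high-confidence alert rather than a heuristic to be tuned.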
Where do you see the cybersecurity industry in general, and ransomware tools in particular, in the coming five years?
Ransomware has been around for a while, but only recently have attackers focused this threat on corporate data and the potential windfall from unprepared victims. The escalation in cyber attacks and ransomware deployment will continue unabated for the next few years. And because enterprise networks remain highly vulnerable, organizations will need to investigate alternatives to the traditional perimeter and endpoint defense technologies.
In addition, attackers will expand their markets, moving from carefully engineered attacks on the largest institutions to small to medium-sized business while leveraging automation to provide them with a strong return on investment.
Finally, rapid IoT expansion will introduce many more vulnerabilities to networks that integrate these devices without careful restriction. With lightweight operating systems and applications, there often isn’t room for embedded, after-market security capabilities, so organizations will need to invest in additional layers of security.
What recommendations would you give to those wishing to enter this industry?
Most importantly, one needs to understand the perspective of the human attacker. Our researchers always consider the attacker’s point of view, which allows us to anticipate and understand every possible move, action and counteraction they could take.
Cyber defenders need to assess the motivations that drive organized crime versus nation states, which are distinctly different. Nation states seek critical information, as well as the ability to compromise and damage core infrastructure. Organized crime seeks to quietly access valuable information that can be exfiltrated and then sold for high profit, or fund ransomware designed to produce a rapid return on investment.
You also need to understand the tools and techniques that attackers use, as well as the new directions they are taking when developing new tools. That includes being able to anticipate the new capabilities and prepare the necessary countermeasures within your own products.