Businesses embracing the disruptive working environment COVID-19 has produced are safer from cyber security threats than those enforcing company-wide policies.
That is the opinion of Ori Bach, TrapX Security CEO, who said that employees not sticking to a business sanctioned cyber security policy and instead using software and hardware that they feel most comfortable with, known as âShadow ITâ, are assets with the correct security system in place.
Speaking to UC Today following the launch of TrapX Securityâs Deception-as-a-Service solution, Bach said âThe reality of the remote working environment is often stronger than whatever policy companies have in place.
Even if a business says employees are only allowed to use an approved laptop or smartphone and do certain things with it, reality happens and weâre now all working from home. Those of us who have families also need to share resources sometimes so Shadow IT will happen because employees canât or donât want to physically come into an office, they find different workarounds and loosen permissions in a way that they probably should not.
I think the way to handle that is not to try to eliminate it but actually figure out how your business can thrive in this disruptive environment. This deception solution actually works better in this disruptive environment because when a hacker gets into a structured environment, they know where they need to go because they do their homework. When a hacker now lands on an endpoint now, they donât know they are easier to manipulate, they are easier to divert because hackers are so reliant on reconnaissance.â
Deception-as-a-Service
The TrapX Deception-as-a-Service technology sets up lures and traps using fake VPN credentials, files and browser histories on corporate or cloud networks in order to entice and trap hackers attacking the business. The solution also offers to assess an endpointâs security as well as monitoring and assessment of all attempted breeches.
âDeception as a cyber security tactic has been around for about 20 years with honey pots and deception technology has been around for about five yearsâ said Bach, âthatâs about using deception as an operational security capability that allows you want to learn about and analyse attacks and divert an attack away from what youâre trying to protect and into a safe zone where you can trap the attacker and stop the attack.â
âWe noticed that a lot of potential customers really liked the concept in the technology but feel that they may not have the capacity or feel that theyâre not sophisticated enough to run this type of tactic, and therefore we decided to help them by providing it as a service and not as a toolâ
Essentially we have built a set of traps that we put out there in the cloud and they look like VPN gateways, SAS applications like Salesforce or SharePoint or whatever application is the high value asset for that specific customer. We also help the customer to put those misdirections and fake clues that will divert attackers away from real breach points into those traps. Then we monitor it for the customer so when an attack is launched the customer gets a phone call saying weâve identified this attack against you, itâs been diverted, hereâs how the attacker got in, this is what he was trying to do.â
Â
Â
