Businesses embracing the disruptive working environment COVID-19 has produced are safer from cyber security threats than those enforcing company-wide policies.
That is the opinion of Ori Bach, TrapX Security CEO, who said that employees not sticking to a business sanctioned cyber security policy and instead using software and hardware that they feel most comfortable with, known as ‘Shadow IT’, are assets with the correct security system in place.
Speaking to UC Today following the launch of TrapX Security’s Deception-as-a-Service solution, Bach said “The reality of the remote working environment is often stronger than whatever policy companies have in place.
Even if a business says employees are only allowed to use an approved laptop or smartphone and do certain things with it, reality happens and we’re now all working from home. Those of us who have families also need to share resources sometimes so Shadow IT will happen because employees can’t or don’t want to physically come into an office, they find different workarounds and loosen permissions in a way that they probably should not.
I think the way to handle that is not to try to eliminate it but actually figure out how your business can thrive in this disruptive environment. This deception solution actually works better in this disruptive environment because when a hacker gets into a structured environment, they know where they need to go because they do their homework. When a hacker now lands on an endpoint now, they don’t know they are easier to manipulate, they are easier to divert because hackers are so reliant on reconnaissance.”
Deception-as-a-Service
The TrapX Deception-as-a-Service technology sets up lures and traps using fake VPN credentials, files and browser histories on corporate or cloud networks in order to entice and trap hackers attacking the business. The solution also offers to assess an endpoint’s security as well as monitoring and assessment of all attempted breeches.
“Deception as a cyber security tactic has been around for about 20 years with honey pots and deception technology has been around for about five years” said Bach, “that’s about using deception as an operational security capability that allows you want to learn about and analyse attacks and divert an attack away from what you’re trying to protect and into a safe zone where you can trap the attacker and stop the attack.”
“We noticed that a lot of potential customers really liked the concept in the technology but feel that they may not have the capacity or feel that they’re not sophisticated enough to run this type of tactic, and therefore we decided to help them by providing it as a service and not as a tool”
Essentially we have built a set of traps that we put out there in the cloud and they look like VPN gateways, SAS applications like Salesforce or SharePoint or whatever application is the high value asset for that specific customer. We also help the customer to put those misdirections and fake clues that will divert attackers away from real breach points into those traps. Then we monitor it for the customer so when an attack is launched the customer gets a phone call saying we’ve identified this attack against you, it’s been diverted, here’s how the attacker got in, this is what he was trying to do.”
