Identify and divert threats that bypass other security systems. Enterprise-wide insider threat detection leveraging deception.
Disable and neutralize advanced attacks at the start of an attack. Isolate threats to traps, protecting core assets from compromise.
True actionable intelligence from attack tools, tactics and processes. Automate Incident Response workflows based on real-world breach attempts.
DeceptionGrid provides a multi-tier deception architecture that is designed to match attackers’ techniques and deceive them at every step. Through the use of deception Tokens (lures) as well as camouflaged medium- and high-interaction Traps (decoys), DeceptionGrid baits, engages and traps attackers among an organization’s actual IT resources. TrapX traps appear identical to real operational IT assets and connected Internet-of-things (IoT) devices. Deception in Depth takes the illusion further by engaging sophisticated attackers through a facade of convincing network traffic among the traps.
When cyber attackers penetrate an enterprise perimeter, they move laterally to locate high-value targets. DeceptionGrid dynamically baits, engages and traps attackers across all areas of the network. Just one touch of the DeceptionGrid by an attacker sets off a high-confidence alert. DeceptionGrid integrates with key elements of the network and security ecosystem to contain attacks and enable a return to normal operations.
Bait, engage, and trap attackers across YOUR ENTIRE network
Deception in Depth – The Architecture of Choice
The TrapX DeceptionGrid platform protects your valuable assets against a multitude of attacks including malicious insiders and sophisticated cybercriminals.
Deception in Depth Architecture
The TrapX Deception in Depth multi-tier architecture presents the deception attack surfaces that best match attacker activity. Learn more below – see our 3 tiers of capability.
Console with Attack Visualization
New expanded visualization enables the security operations team to rapidly understand the activities of the attacker over time, from the originating intrusion to the assets they are engaging with, to the final containment.
New attack identification automatically determines if an attack is being conducted by a human attacker, or automated attack tools, giving security teams a better understanding of the attack and subsequent containment methods.
Enhanced Security Modules and Automated Provisioning
AIR Module provides rapid automated forensic analysis of suspect endpoints which is triggered by indications of compromise (IOCs) identified by DeceptionGrid traps.
CryptoTrap Module is designed specifically to deceive, contain, and mitigate ransomware early in the exploitation cycle, halting the attack while protecting valuable resources.
Automated Provision of Deception Components: DeceptionGrid scans your existing network and provisions hundreds-to-thousands of deception components including Tokens (lures) and Traps (decoys).
Deception in Depth – Tier 1
Deception Tokens (lures) appear as ordinary files, scripts and databases, and are embedded within real IT assets to bait and divert attackers.
New active traps functionality creates a stream of false network traffic between deployed traps to confuse and divert attackers that monitor the network traffic.
Deception in Depth – Tier 2
Medium Interaction Emulated Traps
Our patented emulated traps can be deployed at the largest enterprise scale through automation. You can select from a wide variety of servers, databases, workstations, switches, routers and more.
The patented medium interaction traps now include expanded templates for specialized devices based on industries. These templates include ATMs and SWIFT assets for financial services, Point of Sale (PoS) devices for retail, as well as devices for medical, manufacturing and many more, allowing customers to determine if attackers are targeting specialized devices that are often vulnerable to attack.
Deception in Depth – Tier 3
High Interaction (Full Operating System) Traps
DeceptionGrid enables the provision of full operating system (fullOS) traps. Our medium interaction traps automatically extend engaged attackers through our smart deception to our fullOS decoys for the deepest attacker diversion and engagement. FullOS traps also enable customers to clone existing assets – you can completely replicate actual production servers to further deceive attackers.