Deception is one of the many tools cyber criminals use to penetrate corporate networks. One security firm, however, believes enterprise organizations can turn the same tactic against attackers to thwart attempts to break into their systems.
TrapX Security, an Israeli start-up that launched in the United States in December, offers a suite of products that let companies rapidly deploy fake computer environments designed to fool hackers, make it easier for IT security teams to spot threats to the corporate network, and study the behaviour of malware.
The idea is to draw hackers into fake systems seeded with decoy software and files. Because these bogus systems are not meant to host any normal network traffic, any activity on them is either malicious or the result of a misconfiguration, and either way worth investigating.
Honeypots typically consist of a computer, data or network site that appears to be part of a network but is actually an isolated environment that is monitored. The company claims its approach takes the “principles of honeypots to a new level.”
The TrapX360 platform, for instance, automates the provisioning of hundreds of virtual sensors throughout a network. The platform scans the existing network and creates a shadow network of emulated systems, including servers, switches, databases and applications.
The system also allows real-time uploads of fake data onto services that are exposed to attackers.
“As malware scans for specific target platforms to attack, TrapX adapts in real-time to generate targeted honeypots, actively redirecting and neutralizing advanced stages of the attack,” according to the company.
Payloads that hit the sensors are immediately inspected for known behaviours such as search-engine crawlers. Unknown activity is transferred to an isolated sandbox server, where the platform builds a detailed model of any zero-day malware that lands there.
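The triage logic described above (traffic to a decoy is never legitimate, so known scanners and crawlers are filtered out and everything else is isolated for analysis) can be sketched in a few dozen lines. The following is an added example and not TrapX code: the decoy addresses, the internal-scanner allowlist, the crawler signatures, the log line format and the sample log are all constructed for illustration, and the "touches three or more decoy endpoints" rule for flagging a scan is an assumed threshold, not a product feature.

```python
"""Triage of connections seen on decoy hosts (added example, not TrapX code).

Assumes a flat connection log of lines shaped "SRC -> DST:PORT PAYLOAD" and a
small allowlist of internal scanners. All addresses and log lines are constructed.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical: addresses of decoy hosts provisioned on the network.
# Nothing legitimate should ever talk to them.
DECOY_HOSTS = {"10.0.5.21", "10.0.5.22", "10.0.5.23"}

# Hypothetical: the internal vulnerability scanner that is expected to
# touch every address on the network, decoys included.
KNOWN_SCANNERS = {"10.0.1.10"}

# Benign crawlers and scanners that announce themselves in the request.
CRAWLER_UA = re.compile(r"User-Agent:\s*(Googlebot|bingbot|Nessus)", re.IGNORECASE)

# Constructed log format: "src -> dst:dport payload"
LOG_RE = re.compile(r"^(?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<dport>\d+) (?P<payload>.*)$")

# A source that touches this many distinct decoy endpoints is treated as a scan.
SCAN_THRESHOLD = 3  # assumed threshold


@dataclass
class Event:
    src: str
    dst: str
    dport: int
    payload: str


def parse(line):
    """Parse one constructed log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return Event(m["src"], m["dst"], int(m["dport"]), m["payload"])


def classify(ev):
    """Verdict for a single event: ignore / known-benign / sandbox."""
    if ev.dst not in DECOY_HOSTS:
        return "ignore"  # production traffic is out of scope for the decoys
    if ev.src in KNOWN_SCANNERS or CRAWLER_UA.search(ev.payload):
        return "known-benign"  # expected noise: inventory scanner or crawler
    return "sandbox"  # unknown activity on a decoy: isolate the payload


def triage(lines):
    """Aggregate per source: known-benign, sandbox, or scan (touched many decoys)."""
    per_src = {}
    touched = defaultdict(set)
    for line in lines:
        ev = parse(line)
        if ev is None or ev.dst not in DECOY_HOSTS:
            continue
        touched[ev.src].add((ev.dst, ev.dport))
        verdict = classify(ev)
        # A single unknown payload outranks earlier benign verdicts for a source.
        if verdict == "sandbox" or ev.src not in per_src:
            per_src[ev.src] = verdict
    for src, targets in touched.items():
        if per_src[src] != "known-benign" and len(targets) >= SCAN_THRESHOLD:
            per_src[src] = "scan"
    return per_src


# Constructed sample log: an internal scanner, an SMB sweep across all three
# decoys, one unexplained hit on a decoy database port, and production traffic.
SAMPLE_LOG = [
    "10.0.1.10 -> 10.0.5.21:22 SSH-2.0-scanner",
    "10.0.1.10 -> 10.0.5.22:80 GET / HTTP/1.1 User-Agent: Nessus",
    "10.0.7.44 -> 10.0.5.21:445 SMB negotiate request",
    "10.0.7.44 -> 10.0.5.22:445 SMB negotiate request",
    "10.0.7.44 -> 10.0.5.23:445 SMB negotiate request",
    "10.0.9.3 -> 10.0.5.23:3306 MySQL handshake (unknown client)",
    "10.0.3.2 -> 10.0.4.9:443 GET /index HTTP/1.1",
]

if __name__ == "__main__":
    for src, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(f"{src:12s} {verdict}")
```

Running the block prints the internal scanner as known-benign, the SMB sweep as a scan, and the single unexplained database hit as a sandbox candidate; the production connection never appears because it never touched a decoy. The point a practitioner should take from it is that the allowlist is the whole game: anything that can reach the decoys legitimately (backup agents, monitoring, inventory scanners) must be enumerated up front, or the decoys generate alerts on every maintenance window.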
The use of decoy systems to smoke out attackers could be an emerging security trend, according to information technology research firm Gartner. According to the firm’s analysts, some large financial companies and government agencies are already expressing interest in the approach.
Andrew White, research vice-president for master data management and analytics at Gartner, said the use of dummy systems could also give rise to a whole new activity for IT security teams.
In a recent blog, he noted that hackers lured into a fake system could check for traffic levels and might abort an attack if they “perceive a mismatch between their expectations for core data and what they see.”
“Won’t therefore the security vendors require some dead or dummy traffic on the dead server, to try to convince the hacker that the server is in fact real?” asked White.
If firms end up creating “dummy business” to trap hackers, organizations should set policies on how much attention teams should devote to such activities, as well as who should carry them out and how, said White.