TrapX Security DeceptionGrid
What is unique about DeceptionGrid is that it starts out fairly inconspicuous and apparently benign. But, under the covers is a sophisticated low interaction set of traps. These traps can never be touched without triggering an alarm. The theory is that nothing ever should touch one of the traps. If an attacker begins to engage with a trap, he is caught like a fly in a spiderweb. DeceptionGrid then goes into action to create ever more-tempting – and high interaction – traps, enticing the attacker to delve deeper into the grid and away from the real enterprise while, at the same time, it is collecting detailed forensics on the attacker and the attack.
This innovator was founded in 2011 and went to market in 2012. Now, five years later they have over 300 customers and 60 employees. @012 was not a good year to introduce deception. It was a very new technology and its promise was far from being realized. TrapX spent its first 3 years educating its public and, over the past two years, the company feels that the market “gets it.”
The founders have a mix of background from hacking to security. They realize that it is easier to hack than to defend. They use the same tactics against the adversary that it uses against the defenders. So, they don't try to cover the entire attack surface. They wait to see how the bad guys attack, mess with their decision process and change the economics of cybercrime to make it less cost-effective to hack.
How does a company with a relatively new entry into a relatively new market space plan for survival and, perhaps, dominance? Their philosophy is, don't just fight the battle today. Be ready for tomorrow. In that regard they are extending into two new battlegrounds: cloud and IoT. They actively are extending the DeceptionGrid into these environments and are starting to add vulnerable IoT devices already.