Vendor: TrapX Security, Inc.
Price: $3,995 per VLAN
What it does: TrapX Security DeceptionGrid uses a centrally-managed system to create, distribute, and monitor an entire deceptive environment.
What we liked: The many predefined emulation traps deploy quickly, remain invisible to business users, and result in both rich insights and scalable deception. Attack Visualization offers a meaningful way of looking at deception information, displaying the communications and connections across a network at a deeply granular level.
Security pros will find TrapX Security DeceptionGrid a low-friction threat detection and response platform that uses a centrally-managed system to create, distribute, and monitor an entire deceptive environment. TrapX has disguised its decoys to look identical to their legitimate counterparts so that they will entice, detect, and engage attackers, trigger the alert system, and relay attack intelligence. This platform has a full API SDK that enables integration with other products and seamless deployment into virtually any environment.
The many predefined emulation traps deploy quickly and are completely invisible to business users. These traps include honeypots, traps, and lures that are indistinguishable from real assets. The traps offer extensive detail on threats and sandbox results. TrapX extracts the attack intelligence gathered from real adversary activities and uses it to train the product on an ongoing basis, ensuring that DeceptionGrid keeps pace with the newest threats and provides relevant, tailored suggestions to prepare for emerging threats. DeceptionGrid also gives security teams the freedom and flexibility to create their own realistic traps. Analysts simply input the IP address of a targeted application or device, and the solution will mimic the native assets. Asset Discovery periodically scans assets within an environment to ensure they are always hidden in plain sight with no blind spots.
The dashboard has a lot of actionable, high-level information and network intelligence statistics that offer a useful overview of threat and deception information. All threats are configured to display the types of alert or attack that have been triggered and to rate them according to the level of risk they pose. For example, an infection likely presents a much higher risk to an environment than a scan does and therefore would receive a much higher rating. This clarity helps security teams quickly understand which threats pose the highest risk and where to focus their investigation and response efforts first.
The Event Analyzer page in the dashboard functions as an effective investigative tool that provides full forensics, including a static and dynamic analysis of all the activity that occurs during an attack. The Event Analyzer timestamps this information and lists all the logins, executables, and name changes that it has conducted.
Attack Visualization offers another way of looking at deception information, displaying the communications and connections across a network at a deeply granular level. All alerts and attacks are mapped to the MITRE ATT&CK framework, allowing CISOs to visualize the active techniques in their environment and prioritize their security goals accordingly. Several report options are available, including real-time event reports, which include breakdowns of various attack intelligence pieces. The filter field helps analysts pinpoint specific attack information, making it an efficient investigation tool as well.
Overall, TrapX Security DeceptionGrid leverages agnostic technology that can emulate almost any asset within a network and across multiple types of environments. The patented combination of intelligence-gathering honeypots and deceptive lures balances learning and deceiving, giving organizations the best of both worlds with rich insights and scalable deception. Deploying TrapX Security DeceptionGrid into an environment reduces alert fatigue and dwell time and increases lateral movement visibility and surface area coverage, all for a low total cost.
The product costs $3,995 per VLAN and includes premium support. Additional support options are available for a fee.