A new breed of cyber security company is trying to lay traps to catch hackers and prevent damage, as old ways of preventing attacks are failing.
High-profile attacks on companies including Sony Pictures, JPMorgan and Home Depot last year, among hundreds of others, show hackers have become master hurdlers, able to jump both the firewalls erected around a corporate network and internal fences.
But companies are starting to use new approaches to deceive cyber criminals into attacking fake computers — complete with decoy software and files — to trap them. Hackers will be easy to spot because there is not meant to be any activity on the computers.
Security experts can then watch their behaviour to understand exactly what they are searching for and perhaps even who they are, so they can inform other threat detection systems.
A cyber security business that is part of this new wave is TrapX, an early stage Israeli start-up that launched its technology in the US last month, working with customers in the financial and retail sectors. It is suitable for the age of cloud and mobile computing that makes it easier for attackers to find a way into a network.
Carl Wright, executive vice-president and head of sales at TrapX, said the goal is to “bring back the doctrine that has existed since the beginning of warfare: deception”. Current cyber security defences are no longer suitable to defend against increasingly sophisticated hackers.
“It is as if we’re back in the 1500s with a castle that has a moat but our adversaries have aeroplanes and can parachute down,” he said.
Funded by BRM Capital, an Israeli venture capital company, and Silicon Valley-based Opus Capital, TrapX intends to broaden the scope of its fake environments next year, enabling customers to upload their own tables and data to trick intruders.
Mr Wright said TrapX software would have detected the cyber criminals who attacked Sony Pictures, where hackers are reported to have destroyed data on the computers before the company realised what was going on. Mr Wright said if any had issued orders to delete files on a decoy computer, they would have been caught immediately.
GuardiCore, another Israeli start-up, is using similar traps on servers in data centres, and Juniper Networks, the well-established US company, is working on what it calls “active defence” technologies following its acquisition of Mykonos software in 2012.
Lawrence Pingree, an analyst researching the cyber security industry at Gartner, said “deception as a defence strategy” would be a “trend of the next year”. He said large financial institutions and government agencies, both of which often have the most advanced cyber security technologies, are interested in using traps against cyber criminals. “I think it is something security technology providers need to focus on — how do they use products and technology to deceive,” he added.
Mr Pingree said the idea of luring online criminals to fake environments is not new but dates back to the invention of “honeypots” which were used in the early days of web security. The difference with the new technologies is that they are “scalable” and require little interaction from security professionals, according to Allen Harper, executive vice-president of commercial cyber security and “chief hacker” at Tangible Security, which sells TrapX products.
Mr Harper was involved in honeypots in the early 2000s but said the process had been manual and difficult to expand due to a shortage of experienced cyber security workers. “It took an expert and there were only a few of them at the time,” said Mr Harper. “You had to watch that thing closely as if it got taken over and you didn’t plan for the way it got taken over it could be used against you — or even worse, against others.”
He said deceptive technology was an “important game changer” because it also improves existing protections, which often rely on matching a threat to a previously seen pattern, and helps close up unknown holes in software, known as zero-days, if hackers are seen using them in these controlled environments. “It is like kryptonite, helping us fight back effectively,” he said.
GuardiCore is also automating the concept of a “honeypot” trap, this time for data centres, and is starting to build its presence in the US. Pavel Gurvich, a co-founder at GuardiCore who has a background as a programmer for the Israeli defence forces, said deception was becoming easier because servers can now be reconfigured using software, rather than relying on someone to physically flick several switches. “We see it as a tool to try to turn the tables on an attacker. The defenders are losing visibility and the attackers are gaining more and more information,” he said. “We’re trying to learn about the attacker and use the intelligence we get to stop him.”