Sramana Mitra: Let’s double-click down on how you do what you do. Let’s say I’m an enterprise. How am I interfacing with your technology?
Greg Enriquez: If you are an enterprise and you’ve got a security team of two people or 200 people, you’re looking at a layered defense to protect your environment. You have to have a perimeter defense. You have to have end-point defense. At least, some form of anti-virus. Maybe, an IPS system. A good security defense will have multiple layers of tools to protect their environment and they’ll have diligent professionals following up on those alerts. Where we come into play is we build a gap. When the perimeter is breached and the security team is not aware of it, we will find it first because we operate inside the network by putting decoys and traps inside your network that attackers will touch if they breach your perimeter.
Sramana Mitra: How can you say for sure that your decoys are going to catch? What is going on? Help me understand the architecture of this system such that the decoys are placed in a position to be able to intercept breaches first.
Greg Enriquez: I don’t think any security technology is 100% dependable. Attackers continue to get in. We add another layer of defense by monitoring east-west traffic inside your network. If you look at the typical scenario on what happens in an attack, an attacker will get in by spear phishing, emailing, or a drive-by attack. The chances of an advanced attack getting onto the system they want the first time are very low. Through social engineering, they’re getting better and better at that. Once they get on the system, they want to escalate privileges. They want to find the administrator or systems that they’re interested in, or depending on the sophistication of the attacker, they may just decide to wander around the network and look for things of value.
Once they do that, we can put 1 to 100 or more decoys or malware traps in the system. We can emulate every workstation, server, IoT device, medical device, or whatever is on your network. Let’s say for example, you’re a hospital. You have nurses’ stations and administrative systems. Those are Windows-based systems. We can put copies right next to all of your live assets. We mix in with your production systems. We put dummy systems out there that the production environment doesn’t recognize but the attackers can touch. Once the attacker touches the dummy system, we get an immediate alert and we know they’re there. If they try to inject malware or take over a dummy system, we record everything they do. Now, we’ll be able to watch and fake out the attackers.
We do a medium-level emulation. It’s not real Windows operating system. It’s an emulation. We provide services on top of it. You can even provide fake data to pull the attackers in. There’s a high probability they’ll touch us, but it’s not 100% sure. We are cooperating with the rest of the network. If we get touched, we can then alert the firewall. If we get malware injected, we can give it to the sandbox to do dynamic and static analysis. We participate in the security ecosystem. We provide another layer of defense. We can be your first alert for advanced attackers because they need to move laterally in your system to go after valuable information or valuable financial assets.
This segment is part 2 in the series: Thought Leaders in Cyber Security: Greg Enriquez, CEO of TrapX