As organizations continue to move toward digital transformation, the digital workspace ecosystem of IoT devices, endpoints, and networks continues to grow and evolve. This new landscape creates many opportunities for potential attackers. Security becomes even more important for everyone in this new threat landscape, and strategic moves have to be made to prevent the next disaster from happening, with your organization in the crosshairs.
In order to help secure your organization better, TrapX Security and Carbon Black have joined forces to provide real-time visibility, threat detection, improved incident response and rapid threat containment through a joint solution. Before we get to the joint solution, here’s a brief introduction to TrapX and our innovative deception technology:
Who is TrapX and what do they do?
TrapX Security is the leader in deception technology. The DeceptionGrid is a solution that rapidly detects, deceives, and defeats advanced cyberattacks and human attackers in real time. The DeceptionGrid also provides automated, highly accurate insight into malicious activity unseen by other types of cyber defenses.
Here’s how the DeceptionGrid works:
The DeceptionGrid baits attackers by deploying automated, camouflaged deception Tokens (lures) with the addition of medium and high-interaction Traps (decoys) among authentic IT resources. The Traps appear identical in every way to authentic IT assets and connected Internet of Things (IoT) devices. The attacker sees an array of camouflaged Traps which appear as tempting medical devices, servers, automated teller machines, retail point of sale workstations, switches, industrial control system components and many other devices. The DeceptionGrid even maintains a façade of convincing network traffic among the Traps, thereby enhancing the illusion of authenticity and further engaging sophisticated attackers.
What are the benefits of this joint solution?
TrapX’s DeceptionGrid utilizes Carbon Black’s Cb Response, a highly scalable, real-time Endpoint Detection and Response (EDR) solution with unparalleled visibility for top security operations centers and incident response teams. This integration enables the DeceptionGrid to provide actionable threat intelligence and initiate rapid threat containment actions or interdiction throughout the Carbon Black security ecosystem.
The joint solution also offers customers early detection capabilities for advanced targeted attacks, zero-day malware and human threat actors operating on endpoints. In addition, it provides users with the ability to assertively isolate compromised assets quickly, thereby shutting down attackers in real time.
How can I use this in my organization?
It’s actually very simple. When malicious activity is identified by one of the DeceptionGrid’s sophisticated Traps, an alert is sent automatically to Cb Response for isolation based on policy (risk-based) rules. Users can also isolate the endpoint manually with Cb Response through the TrapX Security Operations Console (TSOC).
After the malware or human threat actor is completely shut down, security teams can leverage Cb Response to take remediation actions, including enterprise-wide hash banning, drilling down to root cause, and creating automated watchlists to alert on similar malicious techniques in the future.
Here’s a video showing you how to implement the integration: