Aviva Zacks of Safety Detective had the opportunity to sit down with Ori Bach, General Manager and Vice President of Products for TrapX, and he told her how his company sets traps to catch hackers and by doing so, is creating a true paradigm change in the cybersecurity industry.
Safety Detective: How did you get into cybersecurity, and what do you love about it?
Ori Bach: I was a part of a task force that dealt with banking fraud. As time went on, we realized that banking fraud is actually cybercrime and that a huge amount of the money was stolen as a result of cyber-attacks perpetrated by criminal organizations. This is what initially interested me within this emerging space.
SD: What was your path into your current role?
OB: I’ve worked in different product roles with companies such as Actimize, which deals with banking fraud, and Trusteer (now part of IBM Security), which provides solutions to fight cybercrime. My experience has been in helping different types of organizations improve their security posture and do a better job of fighting cybercrime.
SD: TrapX uses deception technology—camouflaged traps to get hackers to believe that they’re getting access to real assets. Explain this approach.
OB: TrapX’s approach is not just technically different, it’s a paradigm change. All the other companies that I’ve worked for and most of the other solutions that I’m familiar with are essentially about trying to find a needle in the haystack—looking through all your data and trying to find that sliver of information that will tell you about hackers’ activity.
TrapX uses a different approach. We don’t want our customers to work hard and process all that big data. Our approach is the “Right Data” approach, meaning that we want the bad guys to come to us. We deploy a set of traps for which there is no legitimate use and which exist only for the purpose of attracting different types of malicious actors. Any touch of a trap gives us a high-confidence alert that some type of malicious activity is happening. It’s a different world in terms of the accuracy of the data, how the data is actionable, and the effort that it takes to detect the bad guys. We call it shifting the burden to the attacker.
Usually, the burden is on security teams who keep chasing after the bad guys. With our solution, the burden is on the attackers. They constantly have to be careful not to touch any of those traps—think about it as this huge cyber minefield that is hard for them to avoid.
SD: Do you think that more cybersecurity companies will start adapting your method of securing their networks?
OB: Gartner recently published several reports predicting that a very high percentage of cybersecurity solutions will adopt deception technology. I think the exact statistic is that by 2022, three years from now, 25% of all threat detection and response products will include deception features and functionality. So, a quarter of security projects within companies, government agencies, and other entities will involve some level of deception as a cybersecurity countermeasure.
SD: What industries does TrapX service and why specifically those?
OB: Our technology, broadly called deception technology, has use cases for multiple verticals and can be consumed by a lot of companies. We’re seeing an accelerated level of adoption within three key verticals. One of them is financial institutions because they are a huge target for sophisticated cybercriminals, given that they manage money. Ultimately, cybercriminals are in the business of making money—with ransomware attacks or just stealing money straight from the financial institution.
The second vertical, manufacturing, has a different use case. They’re dealing with a problem of not just securing IT networks but also securing operational technology or industrial IoT. Those are industrial controllers, robots, and other manufacturing equipment connected to the network. The reason that they are an adopter of TrapX’s deception technology is that we are able to protect the device—without interfering with it, but by creating a shadow device to its side. This allows detecting malicious activity without interfering with those very sensitive operational networks.
The final vertical is companies that manage very large-scale data centers. Their challenge is how to introduce security into an environment that is huge and constantly either growing or shrinking. The challenge is to do that without driving up the cost of security, and deception technology is a great way to do that because we’re not looking to interfere with their environments. We just create shadow networks to the side of those environments, which is very easy to deploy, monitor, and scale up and scale down.
SD: What cyberthreats should people be concerned about today?
OB: Ransomware is still huge—we have had waves of different types of attacks. The people running those attacks have been able to monetize them, which means that they are now incentivized to continue and are also very well-funded. And because they’re very well-funded, they can keep investing in the development of malware. However, it is important to look at how the threat landscape is changing and not just think about the battle you are in today but the battle you will be in tomorrow.
IoT is a huge battleground that is emerging. We’re already seeing some early attacks involving different types of IoT devices. Cameras, printers, environmental controls, or anything else that an enterprise might use in order to manage different aspects of the business are a huge target for attackers, who can exploit them and use them as jumping points. Sometimes those types of devices have interesting data—like with a camera. An attacker can pull video of sensitive areas. You can see who’s in and who’s out. Sometimes, you can see computer screens, which any attacker would want to see. Printers are also scanners and scan very sensitive documents. I think people should still be concerned about ransomware, but you should also have a good strategy in place to protect the different company IoT devices.
SD: How do you see cybersecurity developing in the next few years?
OB: I think cybersecurity is maturing in the sense that there is an understanding that you need to protect IT equipment, your cloud, and your IoT equipment. One of the ways cybersecurity is maturing is knowing that you need solutions that can protect those environments without a huge overhead. I think the cybersecurity industry is also responding to the fact that good cybersecurity professionals are a rare commodity. We need to maximize the use of that skill set by giving them solutions that can be deployed across multiple environments, and that will not take a huge overhead to maintain.