DeceptionGrid™ 7.1 Is First Software Platform to Test Deception Against Attack Scenarios Outlined in MITRE ATT&CK, Empowering Businesses to Engage and Disrupt Advanced Cyber Threats
TrapX Security, the global leader in Deception-based threat detection and response, today announced that DeceptionGrid 7.1, the latest version of its flagship Deception platform, will introduce the Active Defense Scorecard™ (ADS), making it the first platform to deploy and test deceptive network assets based on MITRE ATT&CK techniques. This update allows DeceptionGrid users to:
- Enable pre-emptive Active Defense planning and testing
- Add MITRE ATT&CK context to active incidents
- Leverage MITRE ATT&CK to outline and enhance their defense strategy
“The massive shift to remote work, coinciding with a surge of highly sophisticated and disruptive attacks, makes it very clear that we live in a new world,” said Ori Bach, CEO of TrapX Security. “The events of 2020 fundamentally changed the threat landscape. Attackers have the playbook and have reached a new level of stealth that conventional security simply cannot match. We need a new approach.”
MITRE ATT&CK and MITRE Shield are vital tools that enable risk-aligned, agile security. MITRE ATT&CK is a globally accessible knowledgebase of adversary tactics and techniques based on real-world observations. The ATT&CK knowledgebase is used as a foundation for the development of specific threat models and methodologies in the private sector and government, as well as in the cybersecurity product and service community.
MITRE Shield is a complimentary, publicly available, knowledgebase of techniques and tactics that proactively defend networks and assets. MITRE Shield introduced the concept of Active Defense and has since been widely adopted as an agile defensive strategy.
Read More: Lessons learned from Public Key Infrastructure
“Used together, ATT&CK and Shield are a powerful combination that offers practitioners a playbook to harden their environment against likely attackers, as well as a complementary framework for actively disrupting them. DeceptionGrid 7.1 now completes this circle,” added Bach. “We’re delivering a comprehensive platform for deploying and managing deceptive accounts, content, credentials, networks, and personas. We can predictably disrupt an adversary’s ability to conduct reconnaissance and move laterally, while revealing their presence and their TTPs. In addition, because TrapX alerts are mapped to ATT&CK, we create a dynamic closed loop between active techniques, Active Defense countermeasures, and mitigation.”
Protecting the New Normal
DeceptionGrid 7.1 will also allow vulnerable, distributed workplaces to quickly and efficiently assess the state of their remote devices and remediate end points accordingly, including VPN access, self-spreaders, credential access, sensitive data access, and browser history and bookmarks. The new release introduces public traps built specifically for the expanding Cloud environment: lightweight, realistic replicas designed to engage and misinform attackers. This includes VPN, Cloud, corporate IT, IoT and OT assets.
TrapX determined the need for built-in Active Defense capabilities following assessment of the threat landscape heading into 2021. Following 2020, which saw radical changes to the way organizations operate and unprecedented Cloud adoption, the Deception-based cyber defense provider identified key challenges for businesses in the coming year:
Read More: Enhancing Incident Response by Leveraging Decision-Making Psychology
- Battling lateral movement: attackers continue to exploit trusted software with privileged access across the network, even in the face of in-depth, Zero-trust threat modelling.
- Securing remote work, including remote employees, VPN access and Cloud applications.
- Managing IT/OT convergence means an increase in complexity, alert volume, blind spots and vulnerable surfaces for already overwhelmed organizations.
- The rise of ransomware: 2020 saw ransomware accelerate, and it shows no signs of stopping.
- Increased supply chain risk: there is a growing need to protect against weaponized enterprise software.
- Increased DevOps risk as attackers continue to adopt stealth to disrupt the software supply chain.
