With firewalls no longer seen as enough of a defense against security breaches, companies are looking at new tools to foil hackers trying to enter a computer network.
U.S. and Israeli startups are leading the way, with new approaches such as “honeytraps” that lure a hacker to fake data or “polymorphic” technology that constantly changes the structure of applications running on a computer.
Some of the technology is still in the early stages and it remains to be seen whether it will be good enough to outfox the hackers.
But with corporate giants such as Sony and Twitter Inc facing high-profile hacks in recent years, companies are desperate for new ideas to make sure financial, personal and corporate data stays safe.
“We view this (deception technologies) as a $3 billion market over the next three years, with Israel and Silicon Valley being the epicenter of this innovation wave,” said Daniel Ives, a senior technology analyst at FBR Capital Markets.
TopSpin Security, Illusive Networks, Cymmetria and GuardiCore in Israel, California-based TrapX and Attivo Networks are among a handful of start-ups forging ahead with deception technology. Israel’s Morphisec and U.S. Shape Security are developing “polymorphic” systems.
Many of those companies use techniques partly developed in the U.S. and Israeli military that were taken to startups by veterans such as Gadi Evron, the head of Cymmetria and of Israel’s Computer Emergency Response Team.
TrapX Security offers DeceptionGrid, a technology using fake information that triggers a security alert.
TrapX clients include Israel’s central bank, U.S. hospital chain HCA, Bezeq, Israel’s largest telecoms group, and Union Bank of Israel, according to Asaf Aviram, sales director for Israel and emergent markets at TrapX.
TopSpin Chief Executive Doron Kolton said his clients include one of Israel’s top five banks, a large U.S. hospital and a mobility technology company. The product is resold by Optiv Security in the United States and Benefit in Israel.
While still a fraction of the overall cyber security market, Gartner, a leading technology consultancy, sees 10 percent of businesses using deception tactics by 2018.
But Gartner analyst Laurence Pingree noted that they “have so far had only nascent adoption” as many of the companies don’t yet understand the technology.
“Educating security buyers on its usefulness will be crucial,” he said.
Some in the industry note that several companies including FireEye and CrowdStrike tried to launch similar products three or four years ago before pulling back although analysts say the technologies have improved greatly in the past two years.
“A lot of companies are looking at it but it’s still early days,” said a security executive with a Fortune 500 company.
He said deployments were quite limited, with most trials where business test the product on a limited basis at no cost.
Others said hackers may quickly be able to detect the traps.
“They will be challenged by the fact that (some) hackers are so sophisticated they might detect decoy servers or fake data,” said Ziv Mador, head of research at Chicago-based cyber security firm Trustwave.
The technology could offer a second layer of defense to firewalls, which cannot always block malicious attempts, he said, and did not rule out Trustwave offering deception tools in the future.
TopSpin’s Kolton also noted that deception would be “part of a bigger solution” and to “be combined with other things.”
Trail of Breadcrumbs
The system developed by TopSpin, whose investors include Check Point Software Technologies co-founder Shlomo Kramer, engages attackers once they have penetrated the network. It leads hackers to decoys by sprinkling “breadcrumbs,” such as fake credentials.
While the idea of a honeypot is not new, in the past they were used to alert IT administrators that there was a hacker in the system.
With more advanced technology they slow the hacker and set off tools to stop them getting further into the system. If they follow the trail to the trap, the company knows they are a hacker.
“When someone hits a honeypot it’s malicious activity,” Kolton said.
Attivo’s website says their system lures attackers into revealing themselves when they start to look for “high-value assets.” It also promises no false-alarms, a problem with traditional detection systems.
Other tools are being developed that would prevent hackers from penetrating a network entirely.
Morphisec, backed by Jerusalem Venture Partners, Deutsche Telekom and GE Ventures, has developed technology that randomly changes the structure of applications running on the computer.
“When an attack seeks its target it expects to find a certain memory structure. With Morphisec it finds something different,” Morphisec CEO Ronen Yehoshua said.
Shape Security of California also uses such “polymorphic” technology.
While these new ideas have mainly been generated by start-up companies, investors say bigger, more established security players are interested.
“I’d say that many antivirus companies are already looking into building similar technologies on their own or buying them,” JVP managing partner Gadi Tirosh said.
(Additional reporting by Jim Finkle in Boston; editing by Anna Willard)