TrapX Security®, a global leader in deception-based advanced cyber-security defense, today announced the integration of its DeceptionGrid product with ForeScout CounterACT® from ForeScout Technologies, Inc., a leading Internet of Things (IoT) security company. The joint solution equips customers with early threat detection and automated response capabilities designed to accelerate incident response times, quarantine threats and effectively shut them down in real time.
The DeceptionGrid integration with ForeScout’s technology greatly expands the TrapX ecosystem for detection and real-time response of advanced threats, zero-day attacks and other sophisticated malware, as well as rapid containment capabilities that isolate and block the threats. As threat intelligence is garnered from DeceptionGrid it gets shared with CounterACT, which then processes the enhanced threat intelligence and applies the security insight to trigger automated response actions and enforce a broad range of policy-based controls, such as isolating the device and initiating remedial actions on endpoints to mitigate threats.
“The integration of TrapX DeceptionGrid with ForeScout CounterACT provides customers with real-time visibility to quickly detect and contain zero-day attacks, ransomware and other sophisticated malware to stop threats from moving laterally throughout the network,” said Greg Enriquez, CEO of TrapX Security. “Sophisticated cyber criminals have found ways to bypass perimeter solutions and penetrate the network where they can move undetected as they access and exfiltrate sensitive data. The joint solution offers customers the ability to distract potential attackers and separate them from customer assets, so security teams can analyze the threat and resume normal operations quickly and easily.”
“As enterprise organizations adopt more IoT and IP-connected devices in their networks, they expand the entry point for hackers,” said Rob Greer, senior vice president of product, ForeScout Technologies, Inc. “TrapX’s integration with ForeScout allows customers to agentlessly discover devices connecting to their networks, detect malicious behavior coming from these devices, and quarantine or mitigate the threat before a major security incident occurs.”
TrapX DeceptionGrid creates a network of traps (decoys) that are intermingled with and imitate a company’s real information technology assets, creating an environment that attracts (via Lures/Deception Tokens) and detects malicious insiders as soon as they begin their attacks. Known as emulations, these traps represent an additional security layer within the enterprise infrastructure that identifies a breach as it happens and provides customers with instant insight, enabling them to prevent data from being transmitted out of the network.
Together, the integration of TrapX DeceptionGrid and ForeScout enables customers to:
- QUARANTINE: Once DeceptionGrid identifies a suspicious endpoint, it will call ForeScout’s API in order to isolate it from the network while stopping the attack and giving security teams time to investigate the incident without risk of further infection/compromise.
- DIVERT: TrapX DeceptionGrid can divert the threat away from valuable resources by deploying decoys and Deception Tokens across the network. Malware or a human attacker attempting to move laterally will divulge information on their techniques, tactics and procedures (TTPs) that security teams can use to better mitigate the threat.
- MITIGATE: TrapX identifies indicators of compromise (IOCs) based on the threat’s interaction with TrapX’s decoys. It shares IOCs with ForeScout, which can then isolate the infected endpoint based on policy. ForeScout can leverage its IOC repository to scan other endpoints that are attempting to connect, or are already connected on the network, and initiate mitigation actions on infected endpoints.
Click here to read our TrapX DeceptionGrid and ForeScout CounterACT Brief
About ForeScout Technologies, Inc
About ForeScout Technologies Inc.ForeScout Technologies, Inc. is transforming security through visibility. ForeScout offers Global 2000 enterprises and government organizations the unique ability to see devices, including non-traditional devices, the instant they connect to the network. Equally important, ForeScout lets you control these devices and orchestrate information sharing and operation among disparate security tools to accelerate incident response. Unlike traditional security alternatives, ForeScout achieves this without requiring software agents or previous device knowledge. The company’s solutions integrate with leading network, security, mobility and IT management products to overcome security silos, automate workflows and enable significant cost savings. As of January 2016, more than 2,000 customers in over 60 countries improve their network security and compliance posture with ForeScout solutions. Learn more at www.forescout.com.