TrapX offers Deception-As-A-Service to mitigate risk of remote working

New solution designed to protect corporate assets from the risks posed by the growth in remote working

Posted 3 November 2020 by Christine Horton

TrapX Security has launched what it says is the industry’s first ‘Deception-as-a-Service’ solution created to protect corporate assets from the risks posed by the growth in remote working.

The company points to the vulnerabilities associated with home working in response to COVID-19. It cites a recent Osterman Research survey that says 71 percent of IT managers reported that cyber risk exposure is greater now than it was pre-pandemic due to the expanding remote work environment.

Additionally, a further 60 percent think 2020 has seen an increase in overall organisational risk.  

“Security teams and the access points they must protect are now scattered and disconnected, making it even more difficult to identify and stave off threats,” said Steve Preston, senior vice president, strategy and growth, TrapX.

Remote employees – many of whom are working away from the office for the first time – are more vulnerable to phishing and other malware attacks, switching between unmanaged personal and corporate devices, and connecting to unsecured personal or public networks every day. Traditional, on-premise security controls are no longer sufficient to keep pace and protect critical assets.

Accessing sensitive data and systems

Preston said that the new distributed work environment sees employees now accessing sensitive data and critical systems from their newly provisioned laptops.

“We know employees are much more vulnerable to phishing now but let’s just focus on that laptop. What OS, browser and office tools is it running? Have they been updated? Is the laptop connecting to the VPN, cloud apps or a command and control server? What is the individual’s home network like? How many coffee pots, doorbells, games wearables and computers are connected to it? Are they secure? Probably not!

“Security’s visibility into the endpoint is limited to when it’s connected to the corporate network. Outside of that, they are in the dark. We should work on the assumption that employees will get phished and the endpoint will get compromised. Deception can play an important role in directing attacks away from critical assets and toward traps that will alert security of malicious activity.”

However, the company claims the new offering, TrapX Flex, “delivers all the benefits of Deception without the overhead”, reducing cyber risk with a hosted, turnkey platform that provides end-to-end protection and visibility.

It offers an endpoint fitness test, and offers protection against agentless, endpoint lures and cloud and corporate traps. It also provides a hosted security console and 24/7 monitoring and analysis.