Post on 26-May-2020
transcript
2017 North American Deception-based Cyber-security Defense for Manufacturing
Technology Leadership Award
BEST PRACTICES RESEARCH
© Frost & Sullivan 2017 2 “We Accelerate Growth”
Contents
Background and Company Performance ........................................................................ 3
Industry Challenges .............................................................................................. 3
Technology Leverage and Business Impact .............................................................. 3
Conclusion........................................................................................................... 7
Significance of Technology Leadership .......................................................................... 8
Understanding Technology Leadership .......................................................................... 8
Key Benchmarking Criteria .................................................................................... 9
Best Practice Award Analysis ....................................................................................... 9
Decision Support Scorecard ................................................................................... 9
Technology Leverage .......................................................................................... 10
Business Impact ................................................................................................. 10
Decision Support Matrix ...................................................................................... 11
Best Practices Recognition: 10 Steps to Researching, Identifying, and Recognizing Best Practices ................................................................................................................. 12
The Intersection between 360-Degree Research and Best Practices Awards ..................... 13
Research Methodology ........................................................................................ 13
About Frost & Sullivan .............................................................................................. 13
BEST PRACTICES RESEARCH
© Frost & Sullivan 2017 3 “We Accelerate Growth”
Background and Company Performance
Industry Challenges
The layers of criticality that make up industrial control systems (ICS) in today’s
manufacturing facilities begin with keeping production flowing smoothly and end with
representing the most vulnerable component of an operation; any attack on them poses
high-level risk involving loss of lives and critical services, destruction of property, and
downtime of an entire plant. In fact, ICS and especially supervisory control and data
acquisition (SCADA) systems within manufacturing facilities are increasingly vulnerable to
attackers due to the rise of the Industrial Internet. ICS are now based on open
architectures using standardized interfaces and are connected to both the Internet and
internal corporate networks. Essentially, they have begun to expand and cross traditional
boundaries (i.e., cross internal networks) - leaving them exposed to third-party intrusions
and massive disruption possibilities.
Moreover, legacy ICS and SCADA components needing protection have very limited CPU
memory, which makes it difficult to load security software into them. Despite the presence
of air-gapped perimeter and endpoint defenses, strict user policies, firewalls, intrusion
detection, and other legacy defense tools, Frost & Sullivan notes that today’s attackers
armed with advanced knowledge of ICS will eventually breach networks and penetrate
multi-layered cyber defenses. With attackers using sophisticated techniques, existing
perimeter-based defense strategies within the manufacturing industry generally cannot
detect new zero-day intrusions, advanced targeted attacks, and malicious insiders. Part of
the challenge stems from the fact that often times manufacturing facilities do not even
know that they are breached in the first place. Frost & Sullivan points out that this calls
for a new defense strategy that can provide increased visibility within manufacturing ICS
networks. Considering the need for improved defense solutions to mitigate these ever-
more complex challenges, Frost & Sullivan believes that companies that can provide a
network-based deception technology platform for manufacturing facilities to divert
attackers - while still defending their manufacturing and process control systems against
advanced attacks – will secure clear leadership positions in the market.
Technology Leverage and Business Impact
Commitment to Innovation
Strongly committed to providing deep visibility into any malicious activity within a
manufacturing ICS network and at the same time detecting, deceiving, and defeating
specialized cyber-attacks on manufacturing facilities, TrapX offers the DeceptionGrid 6.11
platform based on deception technology.
BEST PRACTICES RESEARCH
© Frost & Sullivan 2017 4 “We Accelerate Growth”
This platform deceives, detects and defeats cyber-attackers targeting ICS infrastructure
and components across an entire ICS network by first scanning the existing network, then
automatically provisioning a large number of varied deception components such as tokens
(lures) and traps (both emulated and fullOS), asas well as simulated network traffic
between the various deception components.
Understanding the growing concern over cyber attackers’ ability to move laterally (to
progressively move through a network) and locate high-value targets demonstrates the
unique technology leadership TrapX leveraged to deploy deceptive elements on the
endpoints, on the network, and on the application layer. This strategy leads to real-time
detection of cyber-attack movement across the entire manufacturing network, whether a
local network and/or cloud environment. Specifically, the company’s architecture consists
of automated deception tokens or endpoint lures, patented medium interaction traps or
decoys, and high-interaction full OS traps.
First, the tokens or lures (e.g., cached credentials, data base connections, network share)
that are embedded within real IT assets and appear as ordinary files, scripts, and
databases divert or deceive the attackers to the deployed traps. These traps, which can be
rapidly deployed at scale (as many as thousands) through automation, appear as or
emulate, a number of operational IT assets or attack surfaces such as specialized SCADA
components, servers, workstations, network switches, and routers. What largely
differentiates TrapX is that its underlying flexible technology allows these traps or decoys
to also emulate Internet of Things (IoT) devices, medical devices, ATMs, retail point-of-
sale (PoS) terminals, and components of the SWIFT financial network, for instance. To
engage the attackers deeper and divert them further, a smart-deception proxy now
extends the attacker to a full OS high-interaction trap, where customers are able to enter
fake data and applications.
All three layers are interconnected. Here is where Frost & Sullivan sees TrapX
DeceptionGrid’s unique contribution to the market: the integrated architecture, by
combining numerous deception components or techniques (e.g., tokens, traps, and fake
applications) into a single deception framework, presents maximum possible deception
surfaces to engage the attackers, waste their time (as they move around the network),
and ultimately engages them. A highly accurate alert is set off the moment an attacker
penetrates a manufacturing network and touches a DeceptionGrid trap. TrapX has several
integrations with other cyber security vendors in order to trigger a response. Real-time
forensics and analysis enable security operations teams to disrupt any attack. As such, the
integration of DeceptionGrid with the network and security ecosystem works to contain
the attacks, quarantine suspicious endpoints, deliver threat intelligence and
comprehensive forensics data, and enable normal operations to resume.
Frost & Sullivan applauds TrapX for demonstrating powerful technology leadership and an
industry best practice in keeping customers informed in real-time about what is happening
within their networks and providing immediately actionable insights. This approach is
BEST PRACTICES RESEARCH
© Frost & Sullivan 2017 5 “We Accelerate Growth”
clearly exemplary, as it helps customers to minimize the risk to intellectual property/data
theft, IT assets, critical infrastructure, and impact on business operations by informing
them of a breach as it is happening.
Commitment to Creativity
TrapX truly differentiates itself from the conventional perimeter defenses, signature-based
tools and intrusion-detection methods by providing highly accurate alerts. DeceptionGrid
alerts are not probability based - they are very close to 100%. No one should be touching
a trap or lure within the network. If they do it is almost 100% certainty that an attacker,
malicious insider, or targeted malware tool such as ransomware have penetrated the
internal network.
Response is enhanced by the use of components such as an enhanced Automated Incident
Response (AIR) module and CryptoTrap security modules. Indications of compromise
(IOCs), which are identified by DeceptionGrid traps, trigger a forensic analysis of
suspicious endpoints. The AIR module then performs a complete and rapidly automated
forensic analysis of any suspicious endpoints. The CryptoTrap module, on the other hand,
deceives, contains, and mitigates ransomware attack and protects the actual resources by
creating traps appearing as valuable network shares to ransomware. This module also
simultaneously disconnects the source of the attack. By virtue of these superior
functionalities/core components when pitted against competing solutions, Frost & Sullivan
finds that TrapX has engineered a comprehensive deception platform that can entice and
deceive attackers at every step.
With the aim to deliver an enriched ownership and user experience, TrapX has also
designed DeceptionGrid with visualization techniques, attack identification, and flexible
deployment options for simple migration. TrapX considers the visual representation of an
attacker’s activities and attack identification as powerful elements of success.
DeceptionGrid, therefore, was designed so a security operations team can easily and
completely visualize and understand an attacker’s activities. This is due to the fact that
the platform delivers real-time visibility of all scenarios ranging from the point of intrusion
through the assets tampered with - and eventually the final containment. Moreover, a
powerful attack identification feature identifies the nature, source, and intent of an attack,
no matter if it is a human attacker or an automated tool. The industry best practice
demonstrated by TrapX here is that the platform empowers the customer’s security
operations team to not only view and understand the attack but also devise corresponding
containment methods. DeceptionGrid is designed to be deployed either on premise or in
the cloud and can also be deployed through a managed security service provider (MSSP).
Frost & Sullivan feels that the aforementioned core components, unique design attributes,
and flexible deployment options will help TrapX further increase adoption of its
DeceptionGrid platform.
BEST PRACTICES RESEARCH
© Frost & Sullivan 2017 6 “We Accelerate Growth”
Scalability
Automated provisioning and maintenance of deception components, as well as easy
integration with existing operations, enable rapid deployment in large enterprises with no
changes to the manufacturing network infrastructure. Such automated provisioning not
only supports large manufacturing enterprises concerning scalability, but also eliminates
the costs associated with manually configuring individual deceptive elements.
DeceptionGrid removes the need for human intervention, and Frost & Sullivan applauds
TrapX for designing a platform that eliminates logistical challenges associated with large-
scale provisioning and maintenance of deception components.
Application Diversity & Customer Acquisition
DeceptionGrid is incredibly applicable across industries. Another exemplary best practice
demonstrated by TrapX is in enabling its customers to use DeceptionGrid for varied
applications. This is because its deception technology can emulate industry-specific traps
such as medical devices, ATMs, point-of-sale terminals and Internet of Things (IoT)
devices; therefore, the platform has boosted the company’s success in demonstrating
technology leadership not only in manufacturing, but also in drawing the attention of
major companies from a wide range of industries - including healthcare, government,
technology, financial services, retail, and utilities. TrapX currently has 300 customers
across the United States, Europe, Israel, and Asia-Pacific. Some of the leading companies
that have deployed DeceptionGrid are Unilever, Pearl River Resort, John Muir Health,
PRISA, MedeAnalytics, Berwin Leighton Paisner, and Outbrain.
With regards to expansion into more target accounts and go-to-market strategies, TrapX
works in concert with its partners. The company has a business development and
partnership strategy that hinges on close working relationships, especially with service
providers, resellers, and technology partners. TrapX has built an extensive ecosystem of
partners across the globe and works with a number of integration partners. It has forged
strong partnerships with some of the most prominent technology companies in the
industry, including McAfee (security innovation alliance), CISCO, and ForeScout. These
strong relationships have proven to be quite advantageous for TrapX as its partners can
enhance customer value and speed of implementation, as well as provide the market
reach that TrapX needs. For instance, its partners can take TrapX products and services
directly to market under a software-as-a-service (SaaS) business model. By boasting large
application diversity and a strong partnership strategy, Frost & Sullivan expects TrapX to
further strengthen its position in the coming years.
Growth Potential
A solid product and technology strategy and support from investors will likely accelerate
the growth potential of TrapX. Continuous and accelerated innovations starting from
DeceptionGrid version 5.1 (with deceptive elements on the network and endpoint),
BEST PRACTICES RESEARCH
© Frost & Sullivan 2017 7 “We Accelerate Growth”
followed by version 5.2 (medical device emulations by traps), to the latest version 6.11
have helped TrapX attract customers and thereby accelerate its growth potential. Version
6.11 features deception components on the application layer, SWIFT/ATM emulations by
traps, support for IoT devices such as smart lights and security cameras, support for the
Amazon EC2 and KVM Hypervisor cloud environments, and the ability to maintain
convincing and deceptive network traffic among the traps to engage the attackers.
Constantly providing its customers and partners with newer features and unique value
propositions fortifies the company’s potential to expand the scope of applications for its
solution.
Moreover, support from investors such as BRM Group, Liberty Israel Venture Fund, LLC,
Opus Capital, Intel Capital, and Strategic Cyber Ventures is expected to enhance TrapX’s
team size, working capital, and customer engagement going forward.
Conclusion
Unlike other security solutions that work at the perimeter, TrapX ’s DeceptionGrid is
strikingly different by working at the core of the network and within mission-critical
infrastructure to provide real-time breach detection and prevention. Therefore, through its
highly reliable and secure DeceptionGrid technology featuring multi-tier deception
architecture, TrapX has leveraged its capabilities to render unmatched value and solidify
its position in the deception-based cyber-security defense for manufacturing space.
This unique deception technology, using deception tokens (lures) and medium and high-
interaction traps, addresses security issues in a deeper and more sophisticated way by
deceiving attackers at every level and helping manufacturing organizations defend their
systems against advanced attacks. DeceptionGrid creates a way for customers to
proactively bait attackers in the network by setting traps. In gaining visibility across all
corners of the operation, manufacturing organizations are alerted the exact moment they
have been breached. DeceptionGrid provides them not only automated and highly
accurate insight into malicious activity, but also rapidly detects, analyzes, and defends
against cyber-attacks in real time. TrapX has clearly enhanced the value proposition for its
customers, thereby setting a high standard in the deception-based cyber-security defense
landscape.
With its strong overall performance, TrapX has earned the 2017 Frost & Sullivan
Technology Leadership Award.
BEST PRACTICES RESEARCH
© Frost & Sullivan 2017 8 “We Accelerate Growth”
Significance of Technology Leadership
Technology-rich companies with strong commercialization strategies benefit from the
increased demand for high-quality, technologically-innovative products. Those products
help shape the brand, leading to a strong, differentiated market position.
Understanding Technology Leadership
Technology Leadership recognizes companies that lead the development and successful
introduction of high-tech solutions to customers’ most pressing needs, altering the
industry or business landscape in the process. These companies shape the future of
technology and its uses. Ultimately, success is measured by the degree to which a
technology is leveraged and the impact that technology has on growing the business.
BEST PRACTICES RESEARCH
© Frost & Sullivan 2017 9 “We Accelerate Growth”
Key Benchmarking Criteria
For the Technology Leadership Award, Frost & Sullivan analysts independently evaluated
two key factors—Technology Leverage and Business Impact—according to the criteria
identified below.
Technology Leverage
Criterion 1: Commitment to Innovation
Criterion 2: Commitment to Creativity
Criterion 3: Technology Incubation
Criterion 4: Commercialization Success
Criterion 5: Application Diversity
Business Impact
Criterion 1: Financial Performance
Criterion 2: Customer Acquisition
Criterion 3: Operational Efficiency
Criterion 4: Growth Potential
Criterion 5: Human Capital
Best Practices Award Analysis for TrapX
Decision Support Scorecard
To support its evaluation of best practices across multiple business performance
categories, Frost & Sullivan employs a customized Decision Support Scorecard. This tool
allows our research and consulting teams to objectively analyze performance, according to
the key benchmarking criteria listed in the previous section, and to assign ratings on that
basis. The tool follows a 10-point scale that allows for nuances in performance evaluation.
Ratings guidelines are illustrated below.
RATINGS GUIDELINES
The Decision Support Scorecard is organized by Technology Leverage and Business Impact
(i.e., These are the overarching categories for all 10 benchmarking criteria; the definitions
for each criterion are provided beneath the scorecard.). The research team confirms the
veracity of this weighted scorecard through sensitivity analysis, which confirms that small
changes to the ratings for a specific criterion do not lead to a significant change in the
overall relative rankings of the companies.
BEST PRACTICES RESEARCH
© Frost & Sullivan 2017 10 “We Accelerate Growth”
The results of this analysis are shown below. To remain unbiased and to protect the
interests of all organizations reviewed, we have chosen to refer to the other key
participants as Competitor 2 and Competitor 3.
Measurement of 1–10 (1 = poor; 10 = excellent)
Technology Leadership
Technology
Leverage
Business
Impact Average Rating
TrapX 9.5 9.5 9.5
Competitor 2 8.0 8.0 8.0
Competitor 3 7.0 7.0 7.0
Technology Leverage
Criterion 1: Commitment to Innovation
Requirement: Conscious, ongoing development of an organization’s culture that supports
the pursuit of groundbreaking ideas through the leverage of technology
Criterion 2: Commitment to Creativity
Requirement: Employees rewarded for pushing the limits of form and function, by
integrating the latest technologies to enhance products
Criterion 3: Technology Incubation
Requirement: A structured process with adequate investment to incubate new
technologies developed internally or through strategic partnerships
Criterion 4: Commercialization Success
Requirement: A proven track record of successfully commercializing new technologies, by
enabling new products and/or through licensing strategies
Criterion 5: Application Diversity
Requirement: The development of technologies that serve multiple products, multiple
applications, and multiple user environments
Business Impact
Criterion 1: Financial Performance
Requirement: Overall financial performance is strong in terms of revenues, revenue
growth, operating margin, and other key financial metrics.
Criterion 2: Customer Acquisition
Requirement: Overall technology strength enables acquisition of new customers, even as
it enhances retention of current customers.
Criterion 3: Operational Efficiency
Requirement: Staff is able to perform assigned tasks productively, quickly, and to a high-
quality standard.
BEST PRACTICES RESEARCH
© Frost & Sullivan 2017 11 “We Accelerate Growth”
Criterion 4: Growth Potential
Requirements: Technology focus strengthens brand, reinforces customer loyalty, and
enhances growth potential.
Criterion 5: Human Capital
Requirement: Company culture is characterized by a strong commitment to customer
impact through technology leverage, which in turn enhances employee morale and
retention,
Decision Support Matrix
Once all companies have been evaluated according to the Decision Support Scorecard,
analysts then position the candidates on the matrix shown below, enabling them to
visualize which companies are truly breakthrough and which ones are not yet operating at
best-in-class levels.
High
Low
Low High
Bu
sin
ess I
mp
act
Technology Leverage
TrapX
Competitor 2
Competitor 3
BEST PRACTICES RESEARCH
© Frost & Sullivan 2017 12 “We Accelerate Growth”
Best Practices Recognition: 10 Steps to Researching, Identifying, and Recognizing Best Practices
Frost & Sullivan Awards follow a 10-step process to evaluate Award candidates and assess
their fit with select best practice criteria. The reputation and integrity of the Awards are
based on close adherence to this process.
STEP OBJECTIVE KEY ACTIVITIES OUTPUT
1 Monitor, target, and screen
Identify Award recipient candidates from around the globe
Conduct in-depth industry research
Identify emerging sectors
Scan multiple geographies
Pipeline of candidates who potentially meet all best-practice criteria
2 Perform 360-degree research
Perform comprehensive, 360-degree research on all candidates in the pipeline
Interview thought leaders and industry practitioners
Assess candidates’ fit with best-practice criteria
Rank all candidates
Matrix positioning of all candidates’ performance relative to one another
3
Invite thought leadership in best practices
Perform in-depth examination of all candidates
Confirm best-practice criteria Examine eligibility of all
candidates Identify any information gaps
Detailed profiles of all ranked candidates
4
Initiate research director review
Conduct an unbiased evaluation of all candidate profiles
Brainstorm ranking options Invite multiple perspectives
on candidates’ performance Update candidate profiles
Final prioritization of all eligible candidates and companion best-practice positioning paper
5
Assemble panel of industry experts
Present findings to an expert panel of industry thought leaders
Share findings Strengthen cases for
candidate eligibility Prioritize candidates
Refined list of prioritized Award candidates
6
Conduct global industry review
Build consensus on Award candidates’ eligibility
Hold global team meeting to review all candidates
Pressure-test fit with criteria Confirm inclusion of all
eligible candidates
Final list of eligible Award candidates, representing success stories worldwide
7 Perform quality check
Develop official Award consideration materials
Perform final performance benchmarking activities
Write nominations Perform quality review
High-quality, accurate, and creative presentation of nominees’ successes
8
Reconnect with panel of industry experts
Finalize the selection of the best-practice Award recipient
Review analysis with panel Build consensus Select recipient
Decision on which company performs best against all best-practice criteria
9 Communicate recognition
Inform Award recipient of Award recognition
Present Award to the CEO Inspire the organization for
continued success Celebrate the recipient’s
performance
Announcement of Award and plan for how recipient can use the Award to enhance the brand
10 Take strategic action
Upon licensing, company is able to share Award news with stakeholders and customers
Coordinate media outreach Design a marketing plan Assess Award’s role in future
strategic planning
Widespread awareness of recipient’s Award status among investors, media personnel, and employees
BEST PRACTICES RESEARCH
© Frost & Sullivan 2017 13 “We Accelerate Growth”
The Intersection between 360-Degree Research and Best Practices Awards
Research Methodology
Frost & Sullivan’s 360-degree research
methodology represents the analytical
rigor of our research process. It offers a
360-degree-view of industry challenges,
trends, and issues by integrating all 7 of
Frost & Sullivan's research methodologies.
Too often companies make important
growth decisions based on a narrow
understanding of their environment,
leading to errors of both omission and
commission. Successful growth strategies
are founded on a thorough understanding
of market, technical, economic, financial,
customer, best practices, and demographic
analyses. The integration of these research
disciplines into the 360-degree research
methodology provides an evaluation
platform for benchmarking industry
players and for identifying those performing at best-in-class levels.
About Frost & Sullivan
Frost & Sullivan, the Growth Partnership Company, enables clients to accelerate growth
and achieve best-in-class positions in growth, innovation and leadership. The company's
Growth Partnership Service provides the CEO and the CEO's Growth Team with disciplined
research and best practice models to drive the generation, evaluation and implementation
of powerful growth strategies. Frost & Sullivan leverages more than 50 years of
experience in partnering with Global 1000 companies, emerging businesses, and the
investment community from 45 offices on six continents. To join our Growth Partnership,
please visit http://www.frost.com.
360-DEGREE RESEARCH: SEEING ORDER IN
THE CHAOS