Deception security startup TrapX raises $9M

Steven Loeb · July 10, 2015 · Short URL: https://vator.tv/n/3eb1

TrapX creates lightweight, affordable emulations to help deceive and trap hackers

With cyber security becoming such a big issue in recent years, we've seen a lot of companies coming along with new ways to try to tame and contain that threat, often before it happens. If there is one silver lining to our governments, retailers and major Internet companies being hacked, it's that the security space has been rejuvenated.

One method of combating cyber threats is deception-based defense, which automates the deployment of a network of camouflaged malware traps that appear identical in every way to real IT assets. Once malware has slipped past other cyber defense products, it moves laterally to find high value targets.

The problem is, this type of security can be expensive and hard to manage. TrapX is a company in the deception space that has figured out a way to make it both lightweight and affordable.

The company announced on Friday that it has raised $9 million in a Series B round of funding led by investors Intel Capital and Liberty Venture Capital, with current investors BRM Group and Opus Capital. TrapX has previously raised a $5 million round, bringing its total funding to $14 million.

"We are solving the ongoing problems that companies, executives and boards are having when they are breached, giving hackers access to financial information and intellectual property. Companies are losing this info, and it puts them at risk for financial loss," Greg Enriquez, CEO of TrapX, told me in an interview.

"TrapX solves attacks that get beyond the perimeter, behind network defenses, and we do it with tech that uses deception as a premise. We copy systems, trap attackers, and help customers with protection and remediation."

The company is able to go from an alert to fix in less than 10 minutes, he said, and it tries to get problems solved in the least amount of time possible.

The technique that TrapX uses is typically known as the "honey pot," in which it creates emulations that are more vulnerable as a way to attract attackers to the decoy. The emulations will then alert the system that someone is attacking it.

Once attackers are able to penetrate the customer’s enterprise, they move laterally, identify high value targets, and then begin to exfiltrate the data. At the same time, these attackers may choose to damage key IT infrastructure resources and destroy or modify key data and computing application systems. They move from device to device, examine the potential theft targets, and then move on to the next.

TrapX's automated threat intelligence builds a signature on the new malware, and then distributes it throughout the customer’s enterprise so it can immediately detect other instances, even if they are quiet and inactive. The company then tracks the control path back to the physical location of the attacker so that its customer can identify them and share the information with law enforcement authorities.

Deception technology is a growing space, and one that has seen a number of other companies pop up in the last six months.

TrapX is unique, Enriquez said, because it emulates the operating system, rather than fully copying it, making it lower cost and easier to manage.

"When you are trying to manage a decoy you run into all of the problems of managing, of running an operating system. It's very hard to find good people and they are very busy," he said. "We do a lightweight emulation, which is more efficient and allows for more productivity. It doesn't have to be managed, and you don't have to spend a lot of time watching it. Also, you don't have to pay for a full operating system."

That allows TrapX to save its customers both time and money.

"Time is critical because there are limited resources to work with on a security team, dealing with alerts and ID problems. The value of something like this is that the alert is high fidelity. We might give a company five to 10 alerts, rather than 5,000 alerts from others," said Enriquez.

"Once you touch one of our traps it's likely you're guilty. And once we get an alert that the IP address has been breached, we get to the end point very quickly and take it offline, so you can avoid problems from invading other systems. It costs anywhere from $1,000 to $1,300 to reimage an operating system, not to mention the loss of data. If we can stop attackers at one system rather than 10, we save a lot of money."

The company will use this new funding to grow out its team. It currently has over 30 employees, and will be growing by 50%, so it will add at least 15 employees by the end of the year, maybe more depending on growth rates. That means hiring engineering and marketing talent.

TrapX has been expanding globally, announcing the opening of a new Hong Kong office and one in Europe, and this funding will allow it to continue that expansion.

The funding will also go to expanding the product, Enriquez said.

"Today we are the leader in deception technology. We have built out emulations, and perfected our deception technique. We want to keep adding more offenses like this, so we can find out why and how companies are being attacked, increase interaction with them, and find out how long we have to hold them to learn more about them," he told me.

"We always want to learn what malware they're using, how they've altered that malware, so we can see indicators of compromise. We want to know if they attacked multiple industries so we can compare across industries. Most importantly we are building out our deception grid to increase the level of interaction, ID where they're coming from and what they've taken. Anything you can do to add more context."

Enriquez is aware that companies have been trying out multiple different systems to try and combat these problems, and are constantly adding things without ever taking anything away. So TrapX is designed to help companies get more value out of those existing investments by integrating with them to make them more valuable and productive.

It already has integration with three sandboxes including McAfee.