Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

11/13/2017
04:00 PM
Jai Vijayan
Jai Vijayan
Slideshows
Connect Directly
Twitter
LinkedIn
RSS
E-Mail

Emerging IT Security Technologies: 13 Categories, 26 Vendors

A rundown of some of the hottest security product areas, and vendors helping to shape them.
6 of 14

Deception Technology

Deception technologies disrupt attackers by using decoys, deceit, and misdirection to delay and prevent breach progression. 

Vendor: Cymmetria

Deception-based security platform and cloud services for hunting attackers, detecting lateral movement, and automating incident response.
	
Factors to Watch

- MazeHunter platform for legally hacking back at attackers
- Customized cloud hosted services
- Early to market



Key Executives: Gadi Evron, founder and CEO is a former vice president of security strategy at Kaspersky Lab. Co-founder and CTO Imri Goldberg is a former officer of a cyber group within Israel's Unit 8200.

Founded: 2014

Vendor: Illusive

Automated system for deploying and adjusting deceptions across endpoints, applications, network elements, and data.
	
Factors to Watch

- Uses AI and machine learning to deliver custom deceptions
- Deployed across dozens of financial, healthcare, energy, and other organizations
- Strategic partners/investors include Microsoft, Cisco, and Citi Ventures



Key Executives: CEO and Founder Ofer Israeli is a former executive at Check Point Software Technologies.

Founded: 2014

Analyst Commentary: 'I have high hopes for deception, though the market appears mixed,' Lindstrom says. 'As our network perimeters continue to disappear, I think deception can play an important role in a security program.' He points to Attivo, Trap-X, and illusive as market leaders.

Dickson is less bullish. Deception is a technology that appears to get popular periodically, he says. 'This is the hottest topic at the RSA Security Conference in even-numbered years.  It has been for the last 10 years,' he says.  'The struggle that I have with deception is that it adds complexity to an already complex environment, aggravating the problem. I am a fan of the Symantec approach. Symantec integrates deception into the Endpoint Protection agent. The single agent strategy mitigates my complexity objection,' Dickson says.

Image Source: Twinsterphoto via Shutterstock

Deception Technology

Deception technologies disrupt attackers by using decoys, deceit, and misdirection to delay and prevent breach progression.

Vendor: Cymmetria

Deception-based security platform and cloud services for hunting attackers, detecting lateral movement, and automating incident response.

Factors to Watch

  • MazeHunter platform for legally hacking back at attackers
  • Customized cloud hosted services
  • Early to market

Key Executives: Gadi Evron, founder and CEO is a former vice president of security strategy at Kaspersky Lab. Co-founder and CTO Imri Goldberg is a former officer of a cyber group within Israel's Unit 8200.

Founded: 2014

Vendor: Illusive

Automated system for deploying and adjusting deceptions across endpoints, applications, network elements, and data.

Factors to Watch

  • Uses AI and machine learning to deliver custom deceptions
  • Deployed across dozens of financial, healthcare, energy, and other organizations
  • Strategic partners/investors include Microsoft, Cisco, and Citi Ventures

Key Executives: CEO and Founder Ofer Israeli is a former executive at Check Point Software Technologies.

Founded: 2014

Analyst Commentary: "I have high hopes for deception, though the market appears mixed," Lindstrom says. "As our network perimeters continue to disappear, I think deception can play an important role in a security program." He points to Attivo, Trap-X, and illusive as market leaders.

Dickson is less bullish. Deception is a technology that appears to get popular periodically, he says. "This is the hottest topic at the RSA Security Conference in even-numbered years. It has been for the last 10 years," he says. "The struggle that I have with deception is that it adds complexity to an already complex environment, aggravating the problem. I am a fan of the Symantec approach. Symantec integrates deception into the Endpoint Protection agent. The single agent strategy mitigates my complexity objection," Dickson says.

Image Source: Twinsterphoto via Shutterstock

6 of 14
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
MarkS94105
100%
0%
MarkS94105,
User Rank: Apprentice
12/8/2017 | 2:28:08 PM
Story -> Potentially Valuable; Site -> Problematic Viewing and Printing
This topic and story is presented as a white paper.  To read the story, we must click the next arrow 13 times to see all 14 pages.  This is time consuming as the site loads so many advertisements.  There is no simple way to print the story, as the print function show only 1 of 14, 2 of 14, etc.  This may be by design, but I find it a serious barrier and will seek other sources for this material.  
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Zero Trust doesn't have to break your budget!
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-33347
PUBLISHED: 2021-06-18
An issue was discovered in JPress v3.3.0 and below. There are XSS vulnerabilities in the template module and tag management module. If you log in to the background by means of weak password, the storage XSS vulnerability can occur.
CVE-2021-33576
PUBLISHED: 2021-06-18
An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk.
CVE-2021-33577
PUBLISHED: 2021-06-18
An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves (via encryption and signing of the message) can be bypassed by changing the Content-Type of the message to text/plain.
CVE-2021-32536
PUBLISHED: 2021-06-18
The login page in the MCUsystem does not filter with special characters, which allows remote attackers can inject JavaScript without privilege and thus perform reflected XSS attacks.
CVE-2021-21669
PUBLISHED: 2021-06-18
Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.