Gadi Evron, co-founder and CEO of Israeli security startup Cymmetria, said his company's MazeRunner cyber deception platform came from the "extreme frustration" experienced by many security professionals, including himself. "It's tough to go into work knowing you are going to lose and that if (attackers) want to get in, they will," he said. "In many ways attackers are stronger than we are. They are dynamic, while we are static."
Given the harsh reality that bad guys will find a way into networks no matter how many firewalls or anti-malware tools you deploy, companies are looking for approaches that help them more quickly detect the bad guys' presence.
Evron and co-founders Dean Sysman (CTO), Imri Goldberg (VP of Research and Development) and Irene Abezgauz (VP of Product) decided that their product, unlike most traditional security solutions, would focus on attackers rather than attacks.
"The attacker is usually predictable. If they are predictable, we can exploit that," Evron said. "If you can control the information the adversary knows about you, you can potentially control the adversary and their actions."
MazeRunner entices attackers with credentials or other information, which Cymmetria calls "bread crumbs," convincing them to connect to a decoy virtual machine running a real operating system and real services, where companies can then track their lateral movements. The method is similar to using honeypots, but more effective, said Evron, who also founded the Israeli government's Computer Emergency Response Team and worked for Kaspersky Lab.
"Honeypots can be fingerprinted quickly by criminals but virtual machines cannot be," he said, noting that because so many companies use VMs on their networks, attackers will not see them as a red flag. "Honeypots stopped evolving. They were used primarily for botnets and scanning attacks but did not advance to be able to handle things like APTs (advanced persistent threats)."
Deception Technology About to 'Explode'
Gartner calls this kind of approach deception technology and recognized it as one of the top 10 information security technologies of 2016 at its recent Security and Risk Management Summit. With interest growing, Evron said he expects 2017 to be the year for cyber-deception technology to "explode."
"It used to be an attacker only had to succeed once and we had to protect everything, all the time," he said. "With cyber deception, they only need to choose wrong once on any endpoint anywhere along the path of lateral movement in order for me to know they are there. It gives the defender control of the battlefield in a way."
Cymmetria is not the only startup offering deception technology. Others include Illusive Networks, TrapX and Attivo Networks. "We are all building a market together," Evron said.
Of course, Evron believes his product is the best. As proof, he notes that Cymmetria's technology earlier this summer discovered a new APT the company dubbed Patchwork.
Shortly after announcing its discovery of Patchwork, Cymmetria released a free community edition of MazeRunner that can be downloaded from the company's website. "We are letting people try to break it and give us feedback," Evron said, noting that the community edition lacks some automation capabilities and other enterprise-centric features and is available only on Linux.
Cymmetria just published a blog post in which it detailed how it helped a community edition user discover an unusual attack.
Fast Facts About Cymmetria
Founders: Gadi Evron, Dean Sysman, Imri Goldberg, Irene Abezgauz
HQ: Palo Alto, Calif.
Product: Cymmetria’s cyber deception platform, MazeRunner, lets users dominate an attacker’s movements from the very beginning – and lead them to a monitored deception network.
Customers: Enterprise companies including major banks, security firms, large NGOs, Fortune 500 companies, aerospace and defense organizations
Funding: More than $10 million, with investors including Felicis Ventures, Sherpa Capital, Y Combinator, and Rally Ventures