2017 North American Deception-based Cyber-security …Cyber-security Defense for Manufacturing Technology Leadership Award . ... while still defending their manufacturing and process

2017 North American Deception-based Cyber-security Defense for Manufacturing

Technology Leadership Award

BEST PRACTICES RESEARCH

© Frost & Sullivan 2017 2 “We Accelerate Growth”

Contents

Background and Company Performance ........................................................................ 3

Industry Challenges .............................................................................................. 3

Technology Leverage and Business Impact .............................................................. 3

Conclusion........................................................................................................... 7

Significance of Technology Leadership .......................................................................... 8

Understanding Technology Leadership .......................................................................... 8

Key Benchmarking Criteria .................................................................................... 9

Best Practice Award Analysis ....................................................................................... 9

Decision Support Scorecard ................................................................................... 9

Technology Leverage .......................................................................................... 10

Business Impact ................................................................................................. 10

Decision Support Matrix ...................................................................................... 11

Best Practices Recognition: 10 Steps to Researching, Identifying, and Recognizing Best Practices ................................................................................................................. 12

The Intersection between 360-Degree Research and Best Practices Awards ..................... 13

Research Methodology ........................................................................................ 13

About Frost & Sullivan .............................................................................................. 13



Background and Company Performance

Industry Challenges

The layers of criticality that make up industrial control systems (ICS) in today’s

manufacturing facilities begin with keeping production flowing smoothly and end with

representing the most vulnerable component of an operation; any attack on them poses

high-level risk involving loss of lives and critical services, destruction of property, and

downtime of an entire plant. In fact, ICS and especially supervisory control and data

acquisition (SCADA) systems within manufacturing facilities are increasingly vulnerable to

attackers due to the rise of the Industrial Internet. ICS are now based on open

architectures using standardized interfaces and are connected to both the Internet and

internal corporate networks. Essentially, they have begun to expand and cross traditional

boundaries (i.e., cross internal networks) - leaving them exposed to third-party intrusions

and massive disruption possibilities.

Moreover, legacy ICS and SCADA components needing protection have very limited CPU

memory, which makes it difficult to load security software into them. Despite the presence

of air-gapped perimeter and endpoint defenses, strict user policies, firewalls, intrusion

detection, and other legacy defense tools, Frost & Sullivan notes that today’s attackers

armed with advanced knowledge of ICS will eventually breach networks and penetrate

multi-layered cyber defenses. With attackers using sophisticated techniques, existing

perimeter-based defense strategies within the manufacturing industry generally cannot

detect new zero-day intrusions, advanced targeted attacks, and malicious insiders. Part of

the challenge stems from the fact that often times manufacturing facilities do not even

know that they are breached in the first place. Frost & Sullivan points out that this calls

for a new defense strategy that can provide increased visibility within manufacturing ICS

networks. Considering the need for improved defense solutions to mitigate these ever-

more complex challenges, Frost & Sullivan believes that companies that can provide a

network-based deception technology platform for manufacturing facilities to divert

attackers - while still defending their manufacturing and process control systems against

advanced attacks – will secure clear leadership positions in the market.

Technology Leverage and Business Impact

Commitment to Innovation

Strongly committed to providing deep visibility into any malicious activity within a

manufacturing ICS network and at the same time detecting, deceiving, and defeating

specialized cyber-attacks on manufacturing facilities, TrapX offers the DeceptionGrid 6.11

platform based on deception technology.



This platform deceives, detects and defeats cyber-attackers targeting ICS infrastructure

and components across an entire ICS network by first scanning the existing network, then

automatically provisioning a large number of varied deception components such as tokens

(lures) and traps (both emulated and fullOS), asas well as simulated network traffic

between the various deception components.

Understanding the growing concern over cyber attackers’ ability to move laterally (to

progressively move through a network) and locate high-value targets demonstrates the

unique technology leadership TrapX leveraged to deploy deceptive elements on the

endpoints, on the network, and on the application layer. This strategy leads to real-time

detection of cyber-attack movement across the entire manufacturing network, whether a

local network and/or cloud environment. Specifically, the company’s architecture consists

of automated deception tokens or endpoint lures, patented medium interaction traps or

decoys, and high-interaction full OS traps.

First, the tokens or lures (e.g., cached credentials, data base connections, network share)

that are embedded within real IT assets and appear as ordinary files, scripts, and

databases divert or deceive the attackers to the deployed traps. These traps, which can be

rapidly deployed at scale (as many as thousands) through automation, appear as or

emulate, a number of operational IT assets or attack surfaces such as specialized SCADA

components, servers, workstations, network switches, and routers. What largely

differentiates TrapX is that its underlying flexible technology allows these traps or decoys

to also emulate Internet of Things (IoT) devices, medical devices, ATMs, retail point-of-

sale (PoS) terminals, and components of the SWIFT financial network, for instance. To

engage the attackers deeper and divert them further, a smart-deception proxy now

extends the attacker to a full OS high-interaction trap, where customers are able to enter

fake data and applications.

All three layers are interconnected. Here is where Frost & Sullivan sees TrapX

DeceptionGrid’s unique contribution to the market: the integrated architecture, by

combining numerous deception components or techniques (e.g., tokens, traps, and fake

applications) into a single deception framework, presents maximum possible deception

surfaces to engage the attackers, waste their time (as they move around the network),

and ultimately engages them. A highly accurate alert is set off the moment an attacker

penetrates a manufacturing network and touches a DeceptionGrid trap. TrapX has several

integrations with other cyber security vendors in order to trigger a response. Real-time

forensics and analysis enable security operations teams to disrupt any attack. As such, the

integration of DeceptionGrid with the network and security ecosystem works to contain

the attacks, quarantine suspicious endpoints, deliver threat intelligence and

comprehensive forensics data, and enable normal operations to resume.

Frost & Sullivan applauds TrapX for demonstrating powerful technology leadership and an

industry best practice in keeping customers informed in real-time about what is happening

within their networks and providing immediately actionable insights. This approach is



clearly exemplary, as it helps customers to minimize the risk to intellectual property/data

theft, IT assets, critical infrastructure, and impact on business operations by informing

them of a breach as it is happening.

Commitment to Creativity

TrapX truly differentiates itself from the conventional perimeter defenses, signature-based

tools and intrusion-detection methods by providing highly accurate alerts. DeceptionGrid

alerts are not probability based - they are very close to 100%. No one should be touching

a trap or lure within the network. If they do it is almost 100% certainty that an attacker,

malicious insider, or targeted malware tool such as ransomware have penetrated the

internal network.

Response is enhanced by the use of components such as an enhanced Automated Incident

Response (AIR) module and CryptoTrap security modules. Indications of compromise

(IOCs), which are identified by DeceptionGrid traps, trigger a forensic analysis of

suspicious endpoints. The AIR module then performs a complete and rapidly automated

forensic analysis of any suspicious endpoints. The CryptoTrap module, on the other hand,

deceives, contains, and mitigates ransomware attack and protects the actual resources by

creating traps appearing as valuable network shares to ransomware. This module also

simultaneously disconnects the source of the attack. By virtue of these superior

functionalities/core components when pitted against competing solutions, Frost & Sullivan

finds that TrapX has engineered a comprehensive deception platform that can entice and

deceive attackers at every step.

With the aim to deliver an enriched ownership and user experience, TrapX has also

designed DeceptionGrid with visualization techniques, attack identification, and flexible

deployment options for simple migration. TrapX considers the visual representation of an

attacker’s activities and attack identification as powerful elements of success.

DeceptionGrid, therefore, was designed so a security operations team can easily and

completely visualize and understand an attacker’s activities. This is due to the fact that

the platform delivers real-time visibility of all scenarios ranging from the point of intrusion

through the assets tampered with - and eventually the final containment. Moreover, a

powerful attack identification feature identifies the nature, source, and intent of an attack,

no matter if it is a human attacker or an automated tool. The industry best practice

demonstrated by TrapX here is that the platform empowers the customer’s security

operations team to not only view and understand the attack but also devise corresponding

containment methods. DeceptionGrid is designed to be deployed either on premise or in

the cloud and can also be deployed through a managed security service provider (MSSP).

Frost & Sullivan feels that the aforementioned core components, unique design attributes,

and flexible deployment options will help TrapX further increase adoption of its

DeceptionGrid platform.



Scalability

Automated provisioning and maintenance of deception components, as well as easy

integration with existing operations, enable rapid deployment in large enterprises with no

changes to the manufacturing network infrastructure. Such automated provisioning not

only supports large manufacturing enterprises concerning scalability, but also eliminates

the costs associated with manually configuring individual deceptive elements.

DeceptionGrid removes the need for human intervention, and Frost & Sullivan applauds

TrapX for designing a platform that eliminates logistical challenges associated with large-

scale provisioning and maintenance of deception components.

Application Diversity & Customer Acquisition

DeceptionGrid is incredibly applicable across industries. Another exemplary best practice

demonstrated by TrapX is in enabling its customers to use DeceptionGrid for varied

applications. This is because its deception technology can emulate industry-specific traps

such as medical devices, ATMs, point-of-sale terminals and Internet of Things (IoT)

devices; therefore, the platform has boosted the company’s success in demonstrating

technology leadership not only in manufacturing, but also in drawing the attention of

major companies from a wide range of industries - including healthcare, government,

technology, financial services, retail, and utilities. TrapX currently has 300 customers

across the United States, Europe, Israel, and Asia-Pacific. Some of the leading companies

that have deployed DeceptionGrid are Unilever, Pearl River Resort, John Muir Health,

PRISA, MedeAnalytics, Berwin Leighton Paisner, and Outbrain.

With regards to expansion into more target accounts and go-to-market strategies, TrapX

works in concert with its partners. The company has a business development and

partnership strategy that hinges on close working relationships, especially with service

providers, resellers, and technology partners. TrapX has built an extensive ecosystem of

partners across the globe and works with a number of integration partners. It has forged

strong partnerships with some of the most prominent technology companies in the

industry, including McAfee (security innovation alliance), CISCO, and ForeScout. These

strong relationships have proven to be quite advantageous for TrapX as its partners can

enhance customer value and speed of implementation, as well as provide the market

reach that TrapX needs. For instance, its partners can take TrapX products and services

directly to market under a software-as-a-service (SaaS) business model. By boasting large

application diversity and a strong partnership strategy, Frost & Sullivan expects TrapX to

further strengthen its position in the coming years.

Growth Potential

A solid product and technology strategy and support from investors will likely accelerate

the growth potential of TrapX. Continuous and accelerated innovations starting from

DeceptionGrid version 5.1 (with deceptive elements on the network and endpoint),



followed by version 5.2 (medical device emulations by traps), to the latest version 6.11

have helped TrapX attract customers and thereby accelerate its growth potential. Version

6.11 features deception components on the application layer, SWIFT/ATM emulations by

traps, support for IoT devices such as smart lights and security cameras, support for the

Amazon EC2 and KVM Hypervisor cloud environments, and the ability to maintain

convincing and deceptive network traffic among the traps to engage the attackers.

Constantly providing its customers and partners with newer features and unique value

propositions fortifies the company’s potential to expand the scope of applications for its

solution.

Moreover, support from investors such as BRM Group, Liberty Israel Venture Fund, LLC,

Opus Capital, Intel Capital, and Strategic Cyber Ventures is expected to enhance TrapX’s

team size, working capital, and customer engagement going forward.

Conclusion

Unlike other security solutions that work at the perimeter, TrapX ’s DeceptionGrid is

strikingly different by working at the core of the network and within mission-critical

infrastructure to provide real-time breach detection and prevention. Therefore, through its

highly reliable and secure DeceptionGrid technology featuring multi-tier deception

architecture, TrapX has leveraged its capabilities to render unmatched value and solidify

its position in the deception-based cyber-security defense for manufacturing space.

This unique deception technology, using deception tokens (lures) and medium and high-

interaction traps, addresses security issues in a deeper and more sophisticated way by

deceiving attackers at every level and helping manufacturing organizations defend their

systems against advanced attacks. DeceptionGrid creates a way for customers to

proactively bait attackers in the network by setting traps. In gaining visibility across all

corners of the operation, manufacturing organizations are alerted the exact moment they

have been breached. DeceptionGrid provides them not only automated and highly

accurate insight into malicious activity, but also rapidly detects, analyzes, and defends

against cyber-attacks in real time. TrapX has clearly enhanced the value proposition for its

customers, thereby setting a high standard in the deception-based cyber-security defense

landscape.

With its strong overall performance, TrapX has earned the 2017 Frost & Sullivan

Technology Leadership Award.



Significance of Technology Leadership

Technology-rich companies with strong commercialization strategies benefit from the

increased demand for high-quality, technologically-innovative products. Those products

help shape the brand, leading to a strong, differentiated market position.

Understanding Technology Leadership

Technology Leadership recognizes companies that lead the development and successful

introduction of high-tech solutions to customers’ most pressing needs, altering the

industry or business landscape in the process. These companies shape the future of

technology and its uses. Ultimately, success is measured by the degree to which a

technology is leveraged and the impact that technology has on growing the business.



Key Benchmarking Criteria

For the Technology Leadership Award, Frost & Sullivan analysts independently evaluated

two key factors—Technology Leverage and Business Impact—according to the criteria

identified below.

Technology Leverage

Criterion 1: Commitment to Innovation

Criterion 2: Commitment to Creativity

Criterion 3: Technology Incubation

Criterion 4: Commercialization Success

Criterion 5: Application Diversity

Business Impact

Criterion 1: Financial Performance

Criterion 2: Customer Acquisition

Criterion 3: Operational Efficiency

Criterion 4: Growth Potential

Criterion 5: Human Capital

Best Practices Award Analysis for TrapX

Decision Support Scorecard

To support its evaluation of best practices across multiple business performance

categories, Frost & Sullivan employs a customized Decision Support Scorecard. This tool

allows our research and consulting teams to objectively analyze performance, according to

the key benchmarking criteria listed in the previous section, and to assign ratings on that

basis. The tool follows a 10-point scale that allows for nuances in performance evaluation.

Ratings guidelines are illustrated below.

RATINGS GUIDELINES

The Decision Support Scorecard is organized by Technology Leverage and Business Impact

(i.e., These are the overarching categories for all 10 benchmarking criteria; the definitions

for each criterion are provided beneath the scorecard.). The research team confirms the

veracity of this weighted scorecard through sensitivity analysis, which confirms that small

changes to the ratings for a specific criterion do not lead to a significant change in the

overall relative rankings of the companies.



The results of this analysis are shown below. To remain unbiased and to protect the

interests of all organizations reviewed, we have chosen to refer to the other key

participants as Competitor 2 and Competitor 3.

Measurement of 1–10 (1 = poor; 10 = excellent)

Technology Leadership

Technology

Leverage

Business

Impact Average Rating

TrapX 9.5 9.5 9.5

Competitor 2 8.0 8.0 8.0

Competitor 3 7.0 7.0 7.0

Technology Leverage

Criterion 1: Commitment to Innovation

Requirement: Conscious, ongoing development of an organization’s culture that supports

the pursuit of groundbreaking ideas through the leverage of technology

Criterion 2: Commitment to Creativity

Requirement: Employees rewarded for pushing the limits of form and function, by

integrating the latest technologies to enhance products

Criterion 3: Technology Incubation

Requirement: A structured process with adequate investment to incubate new

technologies developed internally or through strategic partnerships

Criterion 4: Commercialization Success

Requirement: A proven track record of successfully commercializing new technologies, by

enabling new products and/or through licensing strategies

Criterion 5: Application Diversity

Requirement: The development of technologies that serve multiple products, multiple

applications, and multiple user environments

Business Impact

Criterion 1: Financial Performance

Requirement: Overall financial performance is strong in terms of revenues, revenue

growth, operating margin, and other key financial metrics.

Criterion 2: Customer Acquisition

Requirement: Overall technology strength enables acquisition of new customers, even as

it enhances retention of current customers.

Criterion 3: Operational Efficiency

Requirement: Staff is able to perform assigned tasks productively, quickly, and to a high-

quality standard.



Criterion 4: Growth Potential

Requirements: Technology focus strengthens brand, reinforces customer loyalty, and

enhances growth potential.

Criterion 5: Human Capital

Requirement: Company culture is characterized by a strong commitment to customer

impact through technology leverage, which in turn enhances employee morale and

retention,

Decision Support Matrix

Once all companies have been evaluated according to the Decision Support Scorecard,

analysts then position the candidates on the matrix shown below, enabling them to

visualize which companies are truly breakthrough and which ones are not yet operating at

best-in-class levels.

High

Low

Low High

Bu

sin

ess I

mp

act

Technology Leverage

TrapX

Competitor 2

Competitor 3



Best Practices Recognition: 10 Steps to Researching, Identifying, and Recognizing Best Practices

Frost & Sullivan Awards follow a 10-step process to evaluate Award candidates and assess

their fit with select best practice criteria. The reputation and integrity of the Awards are

based on close adherence to this process.

STEP OBJECTIVE KEY ACTIVITIES OUTPUT

1 Monitor, target, and screen

Identify Award recipient candidates from around the globe

Conduct in-depth industry research

Identify emerging sectors

Scan multiple geographies

Pipeline of candidates who potentially meet all best-practice criteria

2 Perform 360-degree research

Perform comprehensive, 360-degree research on all candidates in the pipeline

Interview thought leaders and industry practitioners

Assess candidates’ fit with best-practice criteria

Rank all candidates

Matrix positioning of all candidates’ performance relative to one another

3

Invite thought leadership in best practices

Perform in-depth examination of all candidates

Confirm best-practice criteria Examine eligibility of all

candidates Identify any information gaps

Detailed profiles of all ranked candidates

4

Initiate research director review

Conduct an unbiased evaluation of all candidate profiles

Brainstorm ranking options Invite multiple perspectives

on candidates’ performance Update candidate profiles

Final prioritization of all eligible candidates and companion best-practice positioning paper

5

Assemble panel of industry experts

Present findings to an expert panel of industry thought leaders

Share findings Strengthen cases for

candidate eligibility Prioritize candidates

Refined list of prioritized Award candidates

6

Conduct global industry review

Build consensus on Award candidates’ eligibility

Hold global team meeting to review all candidates

Pressure-test fit with criteria Confirm inclusion of all

eligible candidates

Final list of eligible Award candidates, representing success stories worldwide

7 Perform quality check

Develop official Award consideration materials

Perform final performance benchmarking activities

Write nominations Perform quality review

High-quality, accurate, and creative presentation of nominees’ successes

8

Reconnect with panel of industry experts

Finalize the selection of the best-practice Award recipient

Review analysis with panel Build consensus Select recipient

Decision on which company performs best against all best-practice criteria

9 Communicate recognition

Inform Award recipient of Award recognition

Present Award to the CEO Inspire the organization for

continued success Celebrate the recipient’s

performance

Announcement of Award and plan for how recipient can use the Award to enhance the brand

10 Take strategic action

Upon licensing, company is able to share Award news with stakeholders and customers

Coordinate media outreach Design a marketing plan Assess Award’s role in future

strategic planning

Widespread awareness of recipient’s Award status among investors, media personnel, and employees



The Intersection between 360-Degree Research and Best Practices Awards

Research Methodology

Frost & Sullivan’s 360-degree research

methodology represents the analytical

rigor of our research process. It offers a

360-degree-view of industry challenges,

trends, and issues by integrating all 7 of

Frost & Sullivan's research methodologies.

Too often companies make important

growth decisions based on a narrow

understanding of their environment,

leading to errors of both omission and

commission. Successful growth strategies

are founded on a thorough understanding

of market, technical, economic, financial,

customer, best practices, and demographic

analyses. The integration of these research

disciplines into the 360-degree research

methodology provides an evaluation

platform for benchmarking industry

players and for identifying those performing at best-in-class levels.

About Frost & Sullivan

Frost & Sullivan, the Growth Partnership Company, enables clients to accelerate growth

and achieve best-in-class positions in growth, innovation and leadership. The company's

Growth Partnership Service provides the CEO and the CEO's Growth Team with disciplined

research and best practice models to drive the generation, evaluation and implementation

of powerful growth strategies. Frost & Sullivan leverages more than 50 years of

experience in partnering with Global 1000 companies, emerging businesses, and the

investment community from 45 offices on six continents. To join our Growth Partnership,

please visit http://www.frost.com.

360-DEGREE RESEARCH: SEEING ORDER IN

THE CHAOS

http://www.frost.com/

Documents

2017 North American Deception-based Cyber-security …Cyber-security Defense for Manufacturing Technology Leadership Award . ... while still defending their manufacturing and process