© CEOCFO Magazine -
Defending an IT, or an OT, Network with Deception Technology
CEO & Founder
Interview conducted by:
Lynn Fosse, Senior Editor, CEOCFO Magazine
Published – December 16, 2019
CEOCFO: Mr. Trama, what is the focus behind PacketViper?
Mr. Trama: Our goal from the beginning has been to use time-
CEOCFO: What do you understand at PacketViper about security that others miss?
Mr. Trama: Cybersecurity presents such a dynamic and complex challenge, and this is true whether you are defending an IT or an OT network, and PacketViper is equally effective in either situation, unlike a lot of IT security solutions. But back to your question, so much of what typically drives cybersecurity practices is reliant upon what has happened in the past. While there are certainly lessons to learn from the past, I’m always reminded of the investments disclaimer “past performance does not guarantee future results.” We can’t forget that the bad guys also study history, they have access to the same intelligence, and they are changing their approaches faster than we can keep up. Their past attack patterns do not always inform future attack strategies. That being said, I think there is an opportunity to more effectively deal with things in real-
CEOCFO: What have you developed to alleviate the problem?
Mr. Trama: What we have is a deception-
Our tagline, “lightweight deception, heavyweight results,” pinpoints the core message of our solution as it delivers tremendous value without complexity. Security in general is too complex and if solutions have to add complexity to keep their brand promise that makes things tough on the customer. So, whether our clients are relying on PacketViper to defend IT or OT networks, we use deception to detect, prevent and respond to threats internally and externally. In all PacketViper use cases, we know that introducing deception at the earliest stages of the attack cycle provides the best opportunity to thwart attackers. This is equally true whether you are trying to prevent outside threats from getting onto the network or if you are trying to reduce dwell time and eliminate internal threats.
I’ll expand on some of those points for proper context. First, we want to take it to the threats that are outside of the network and seeking to penetrate traditional, static border defenses. Typically, the attack efforts start with reconnaissance scans. For this use case we sit in in-
Finally, because we are frequently deployed in-
We also have a solution for the inside of the network. Because we have such a lightweight deployment model, we can saturate internal network segments with decoys and sensors that reduce dwell time and catch lateral moving threats within the network. Furthermore, because of that focus we have on practical results, just like the way we actively block the bad guys that are outside from getting in, we can also take a variety of actions on the threats on the inside. These actions could include a very high-
CEOCFO: How do you deceive an attacker?
Mr. Trama: Our way of deceiving attackers is different than some of the other players in the category and completely unlike a traditional honeypot, which is what most people think of when they think of deception. There are also some proprietary methods that factor in, but I’ll do my best to explain briefly. Our deception is lightweight, agentless and does not require some shadow network infrastructure. Because with deception, if the method allows for it, more is certainly better and we enable that. We can easily saturate the perimeter and internal network segments with decoys that create treacherous paths for connections working outside of normal operating ranges, making the actual network and available services much harder to detect. Our software-
CEOCFO: I see from your website that you work in virtually every industry. What might be different in the approach from one industry to the next?
Mr. Trama: While it is true that security practices and approaches vary across industries, a lot of the principles we are discussing here are fundamental and cut across verticals. That’s why you see such a diverse mix in our client base. As far as the PacketViper approach, the types of decoys and deception artifacts will vary from one industry to another depending on what needs to be simulated to entice the threats. And then, depending on the nature of what is being protected, we do see certain types of businesses building out more robust deployments and elaborate deception environments than others. It’s not uncommon for us to see a healthcare organization that has to factor in things like HIPAA, or some other type of regulated industry seeking to be more aggressive with their deployments than other types of customers in non-
CEOCFO: When an organization is looking to make a change, how do they find PacketViper? What is the competitive landscape?
Mr. Trama: It is definitely a challenge to try and stand out today in IT security because it is such a noisy and crowded space. We have a sharp marketing team and we do a lot of the normal and customary things to stand out and be found by people looking to make a change. It can be tough, but we know who our market is, we know who we have to talk to in terms of executive leadership, network and security teams. We rely on channel partners to help us go to market but we also assume a lot of responsibility for getting our message out there. As many people do, we go to a lot of events to help boost brand recognition. We do some of the large customary events, and we also like to attend smaller events that allow us a better chance to talk to the networking engineers also, and the folks on the frontlines. We do small conferences across the country where I will sit up and speak and talk to them about deception technology and the problems we can help solve in network security.
CEOCFO: What is involved in an implementation?
Mr. Trama: Implementations are relatively simple and we can typically demonstrate measurable value in the first 30-
CEOCFO: What type of reporting do you do and how do you pass on the information to the client about what you are finding and protecting? Do they care?
Mr. Trama: Absolutely, they do care. Security is about getting all the right information in the right time to make the best decisions. We do have two types of reporting modules inside PacketViper. We have a reporting module where the customer can schedule normal reports that tell them about traffic conditions, countries, the companies that are accessing different things within and that is set up in an automated fashion. Because PacketViper actually stores its own logs, we do not have to integrate with other systems, but we can if the customer would like to, and many do, especially those with a SIEM. We also have another module for detailed incident or exception investigations called the Advanced Analytics. What that tool is used for is to generate a more specific forensics report around a narrow period of time.
CEOCFO: Would PacketViper replace other security measures or would it work in conjunction as another layer?
Mr. Francesco: I am a firm believer in a layered approach to defense and as I mentioned earlier, we are not here to render prior spends on other technologies useless, so we definitely take pride in being an additional layer that makes other solutions more effective. As an example, it is not uncommon for our customers to be partially through the depreciation schedule of their firewalls and at their capacity for rules. Or maybe they are seeking to unclutter their SIEM solutions by reducing the unwanted clutter from lower value logs such as the firewall drops. Finally, we typically see clients trying to make the analyst’s job easier by reducing the size of the proverbial haystack, so the needles stand out better. In all of those situations, we deliver real, tangible complementary benefits. Our exterior facing deception typically gets up to 70% of the traffic away from the firewall. This settles things down greatly at the perimeter and that benefit carries on downstream to less clutter in the SIEM. And depending on the circumstances and specifics of the use case, this also could yield a favorable, hard dollar ROI.
CEOCFO: You spent twelve years in the military. What did you learn that helped you in the business world?
Mr. Trama: When I was in the military, I did two years of combat and the rest was thankfully a somewhat less stressful tour in Hawaii, which was great. I reflect back on my experience in the Army frequently when I think about my role as a leader in business and also as we strategize around our product roadmap. In terms of leadership, while in the military I was exposed to a lot of high-
CEOCFO: Why choose PacketViper?
Mr. Trama: Deceiving adversaries in times of conflict has been a proven tactic dating back to the beginning of recorded history. The problems we are talking about here are pretty universal and traditional cyber solutions, even those from the biggest brands, are known to have limitations. PacketViper delivers measurable benefits, it’s a great value and our deals are frequently done with risk-