Cybercriminals and nation-state hackers get more brazen in their attacks every day. Ransomware is now a routine way for criminals to shake down businesses — and even critical infrastructure providers such as US gas pipeline operator Colonial Pipeline — for cash, and cyber-espionage groups like Russia's SVR spy agency are reaching inside their targets' networks by compromising the software used by their victims.
But cyberattack-fighting technology and methods traditionally have steered clear of provocative or aggressive techniques. It's mostly been a strategy of detection, prevention, and response. With the exception of deception technology, defenders (and security vendors) mostly avoid aggressive or even offensive tactics for fear of it backfiring and the attacker shifting gears — or escalating the attack.
A startup with deep roots in the National Security Agency (NSA) has developed something somewhere in between: Trinity Cyber acts as a sort of benevolent man-in-the-middle managed security service that sits on Layer 2 at the gates of the enterprise network, inspecting and scrubbing incoming and outgoing malicious traffic without alerting the bad guys. The security service also can secretly mess with attackers by letting them believe their exploits are working. Take botnet operators communicating with infected endpoints or bots: "When the beacon goes to the controller to check in with all of the metadata" such as its country code, Trinity Cyber's service can alter that metadata information, notes Steve Ryan, co-founder and CEO of Trinity Cyber. Ryan doesn't hide his enthusiasm for the feature: "That's fun."
Or it can replace the bot operator's commands to an orga ..
Support the originator by clicking the read the rest link below.
