In Battle Against Hackers, Companies Try to Deceive the Deceivers - WSJ
An increasing number of companies are looking at an innovative approach to deal with hackers that break into their computer networks. They lure cybercriminals into thinking they’re getting close to the good stuff—and then they trap them.
That’s what Land O’Lakes, the suburban Minneapolis agricultural giant, is doing.
“Manufacturing-plant technology is difficult to protect, because those mills, generators and turbines were built 20 years ago with little consideration for security,” says Land O’ Lakes Chief Information-Security Officer Tony Taylor. If a hacker shuts down a dairy plant, “we lose hundreds of gallons of milk that we’ve already paid for. And we can’t make any butter.”
So, the company uses a tool called DeceptionGrid, created by Boston-based cybersecurity shop TrapX. The technology deploys an array of decoys and booby traps throughout the Land O’ Lakes network that mimic crucial information, to convince hackers that they have gotten access to the company’s crown jewels.
“Once any of the [decoys] are accessed or probed in any way, one centralized console alerts us, so we know to start investigating the source of that activity,” says Mr. Taylor. His team can then contain the intruder.
That’s what Land O’Lakes, the suburban Minneapolis agricultural giant, is doing.
“Manufacturing-plant technology is difficult to protect, because those mills, generators and turbines were built 20 years ago with little consideration for security,” says Land O’ Lakes Chief Information-Security Officer Tony Taylor. If a hacker shuts down a dairy plant, “we lose hundreds of gallons of milk that we’ve already paid for. And we can’t make any butter.”
So, the company uses a tool called DeceptionGrid, created by Boston-based cybersecurity shop TrapX. The technology deploys an array of decoys and booby traps throughout the Land O’ Lakes network that mimic crucial information, to convince hackers that they have gotten access to the company’s crown jewels.
“Once any of the [decoys] are accessed or probed in any way, one centralized console alerts us, so we know to start investigating the source of that activity,” says Mr. Taylor. His team can then contain the intruder.