'Decoy' Tracks, Traps Attackers

Blocking attacks on their networks is no longer enough for IT managers. Now, they want to track and even apprehend intruders.

To that end, a new security company called Recourse Technologies Inc. will unveil software next week that will give IT managers the ability to contain and actually take control of malicious activities being carried out by hackers.

Working in conjunction with a company's firewall, Recourse's ManTrap software directs hackers that have obtained unauthorized network access to a decoy system. Once the intruder is trapped inside the decoy, security managers can monitor hacking activity and gather data for prosecution.

The concept of decoy systems or “honey-pots,” which entice hackers by appearing to be legitimate systems with valuable information, is gaining momentum as attacks increase, industry experts said.

The increase in companies opening their networks to users and partners, moreover, is driving the need for such new tools.

To date “there aren't many [commercial decoy] tools, so organizations are forced to create their own capabilities,” said Peter Stephenson, director of technology for Enterprise Networking Solutions' global security division. As more companies look for ways to gather data on suspicious activity, decoy systems will become more important, said Stephenson, an expert in computer forensics.

Network Associates Inc. announced a similar product in April with CyberCop Sting. However, with no user feedback yet, the system is unproven.

ManTrap has been tested, at least in its early development stage. The software was developed at Exodus Communications, a provider of IT outsourcing services, where it was used as a “spoof box” for redirecting suspicious activity picked up by the firewall, said Frank Huerta, Recourse's president and CEO. Huerta, a former product manager at Exodus, and Michael Lyle, another former Exodus employee, decided to package the software and bring it to market.

Even in its early version, the spoof box was able to track and trap an intruder who hacked his way into one of Exodus' Linux systems, said Leroy Lacy, director of risk management and security at Exodus.

“He probably had root access on 2,000 [different] systems across the Internet,” Lacy said.

Even though the spoof box allowed Exodus to track and shut down the intruder, the box “was fairly labor-intensive,” Lacy said. “You had to do a lot of work to populate the box, so it would look like something that you weren't supposed to have access to.”

ManTrap, however, has more automated functions so users can customize the decoy system to fit their needs, said Lacy, who is beta testing the software.

Once ManTrap is installed on a server, it automatically creates false data sets, said Huerta. But a security manager can input names of company executives and other information “to give the server the look and feel of your business,” said Fred Kost, vice president of product marketing at Recourse.

ManTrap will be available in September at a cost of $3,495 per server.