Cyber Deception vendor TrapX primes for expansion with new $18 million Series C round

TrapX focuses on IoT protection as well as IT, and their go-to-market strategy includes an MSSP channel which sells down into the midmarket and the SMB.

Today, San Jose-based cybersecurity vendor TrapX, fresh off significant upgrades to their platform, is announcing that they have completed an $18 million Series C funding round. The new round is led by Ibex Investors, and also includes existing TrapX investors like Strategic Cyber Ventures, Liberty Israel Venture Fund, Intel Capital, BRM Group and Opus Capital.

TrapX, whose lineage is from the Israel security sector, and which was incorporated in 2012, plays in the Cyber Threat Detection and Response space.

“Our journey has gone from having an innovative technology to having a realization that as a company, we are not just selling a product – we are selling a strategy,” said Ori Bach, General Manager and VP of Products at TrapX Security. “I recently met with multiple CISOs at an event, and they all emphasized that deception technology is a different way of thinking.”

Bach emphasized that deception technology has evolved significantly since TrapX’s early days.

“As this market was forming, there was a philosophical discussion about where it is best to deceive attackers – at the endpoint, at the network level, or at the data and application levels,” he said. “So companies focused on either the endpoint, network, or data and application layer. We focused on the network layer. That way of looking at things is now over. The market is now defined. You need to do protect all of these, because attackers don’t care about those buckets.”

Deception technology protects against vulnerable assets by leveraging traditional honeypot technology with automation capabilities to proactively detect and defeat threats which have made it inside the firewall.

“One approach to doing this is to take legacy honeypots and scale them out,” Bach said.  “From Day One, we decided that was faster to market, but would fail on scale because it would consume too many resources. Instead we focus on our patented emulation engine, which spins up fake attackers at a huge economy of scale, That’s differentiation one for us.”

Coverage into the operational technology space is the second, Bach said.

Ori Bach, General Manager and VP of Products at TrapX Security

“Most vendors have targeted only the IT space, the IT assets,” he said. “We have always been driven by a forward-looking approach toward covering the future, and we believe that the Internet of Things was the next battleground in cyber. We have put a lot of effort into IoT devices – anything that can be connected to the network.”

Their customers fall into two buckets.

“One are enterprises, which can really be from the midmarket and up, that have a SOC team, although this doesn’t take more than one person,” Bach said. “The other bucket is served through MSSPs and is lower end of midsize up to high end of SMBs. They consume it as a service. We don’t require a device to be protected by an agent, as we just create a fake laptop. That’s attractive for SMBs.”

TrapXhas had an MSSP partner program since 2014, and its goal is to support a fairly select number of MSSP partners.

“Our experience is that the MSSP has to provide value, and having partners who don’t provide that would diminish the value of our offering,” Bach said. They have a certification program for partners.

They also have an important, if selective, strategic partnership strategy.

“Our partnering strategy is focused on collaborating and integrating with other IT security vendors, which include Check Point, Cylance, Palo Alto Networks and ForeScout, because what customers need can’t be secured by any single vendor,” Bach said.

Despite their heavy emphasis on OT, TrapX has no telemetry-focused OT vendor partnerships.

“We have looked at partnering with different types of OT providers, but our strategies don’t match,” Bach said. “They focus on getting companies to replace legacy infrastructure, while our focus is to work with end customers around maintaining and securing existing infrastructure – not throw it out.”

In late May, TrapX announced the release of the 6.3 version of their DeceptionGrid platform, with the major innovation being enhancements to both the scale of the decoy Traps as well as their intelligence.

“We have used threat research to look at how attackers use different types of social engineering to both breach and move laterally within the network, and we have significantly increased  this entity of fake users we deploy to the point where it is a virtual army,” Bach said. “In addition to improving the quantity of traps, we have also enhanced the quality, with an exponentially greater level of sophistication. You won’t have things like fake users that have never logged in, so they will be much more credible to an outsider.”

Part of the new announcement is a followup to the platform enhancements, with the creation of the DeceptionNet Community to let both TrapX and third-party users share deception strategies, as well as have access to new content.

“We have created a collaborative space where users can upload and download content, and collaborate on information and on strategies,” Bach said. “Once a decoy is touched, it is inherently less valuable, so it has to be dynamic to overcome this, with things like hosting changes. The Community lets users change different types of attributes and share the tactics that they use to stay ahead of attackers in the cat and mouse game.”

Bach related how TrapX intends the use the new funding round to fuel further expansion.

“It will be in two areas,” he said. “First, we have always been focused on innovation and will continue to double down on that to stay ahead of emerging attack vendors, particularly in the IoT and the cloud. We are making made huge investments there. Secondly, we are expanding geographically, both globally as well as in the U.S, and to new verticals as well as new countries.”