- Website: http://www.cymmetria.com
- Company size (employees): 25
- Headquarters Region: North America
In 3 bullets, summarize why this company deserves recognition
1. Cymmetria’s MazeRunner is the only deception-based technology that has caught real APTs.
2. Cymmetria’s team consists of cyber deception and InfoSec veterans, military specialists, and APT and malware researchers.
3. As a pioneer in the realm of accountability in cybersecurity, Cymmetria recently announced that it is offering its enterprise customers warranty for up to $1 million for damages caused by APTs that are not caught by MazeRunner.
In less than 300 words, summarize the achievements of the company in the nominated category
Cymmetria uses cyber deception to hunt advanced attackers in organizational networks, focusing on attacker psychology instead of the attack itself. Our approach is about providing realistic hunting environments that work against advanced attackers. Cymmetria is the only cyber deception company that has caught and analyzed multiple APTs, as well as strands of previously unknown malware.
This is a new approach to the challenges that cyber defenders face, one that leverages the fact that defenders who know attack psychology can use this to gain the upper hand. It takes advantage of attackers’ mistakes, leading them through a path to where the defenders want them to be. MazeRunner gives a user-friendly, graphical way to place these deception elements. It lets organizations create and deploy breadcrumbs – elements of data such as windows credentials, private SSH keys, etc, which attackers look for in order to perform lateral movement. Once attackers follow these breadcrumbs they are either immediately detected or led toward a MazeRunner decoy, a real server which gathers all the information about the attack. All the files and commands that an attacker executes on a decoy are analyzed and fingerprinted. Our team members’ years of military and civilian security experience gives us an edge among competitors in building deception stories to hunt even the most advanced attackers.
Cymmetria is the only cyber deception company that has a Community Edition, which was released in July 2016 and has since been used by academics, presenters, colleagues, private companies, CISOs, and researchers all over the world. Cymmetria also recently started offering its enterprise customers warranty for up to $1 million for damages caused by APTs that are not caught by MazeRunner, a move that puts its efforts and philosophy at the forefront of accountability in the realm of cybersecurity.