PacketViper Automated Moving Target Defense Q&A

How do you define automated moving target defense in the context of your market?


PacketViper's Automated Moving Target Defense technology works differently from other moving target defense tools and approaches, with an emphasis on practical problem solving: threat prevention, detection and response without complex orchestration, using features that are native to PacketViper. As a category, AMTD is an emerging technology within cybersecurity. Other early innovations in the category emphasize techniques and use cases that require a high degree of technical acumen and skill, and deep integration across multiple technology platforms. PacketViper AMTD is designed to make cyber-attacks difficult by misleading threats early and often throughout the attack cycle, and by providing a tool that not only identifies malicious activity very early in the cyber kill chain but also prevents further progress without requiring complex orchestration between security solutions. Our primary goal is to restrict a would-be attacker's ability to gain an understanding of the underlying assets in any layer of the network, identify vulnerabilities, probe for misconfigurations, and run remote exploit attempts.

Using PacketViper AMTD to actively detect, prevent and respond to threats early in the cyber kill chain (during reconnaissance) provides the most valuable additional security and operational benefits to clients of every size and scale in all critical infrastructure market sectors. PacketViper deceptive elements and context capabilities incorporating AMTD principles make client networks virtually impossible to understand through reconnaissance. This practical application of the technology reduces the amount of "noise" on the networks being protected and acts as a force multiplier that increases the effectiveness of all other security controls. Internally deployed AMTD elements detect and respond to threats moving laterally within the network with virtually no false-positive impact. Threats are automatically stopped from exfiltrating data or establishing command-and-control communications to external hosts.

We define automated moving target defense as a multi-layer external and internal boundary defense strategy in which the PacketViper product families (OT360™ and OTRemote™, IT360™, and Deception360™) leverage patented in-line agentless deception technology combined with context filtering capabilities to present what appears to be a target-rich but amorphous boundary network instance, one that can detect, throttle, block and blacklist any connection attempt that interacts with the AMTD elements presented by the technology.



What are your primary automated moving target defense related offerings (i.e. list of offerings and what they do)? 


The PacketViper product families OT360™ and OTRemote™, IT360™, and Deception360™ all deliver PacketViper AMTD capabilities. OT360 and OTRemote are designed and positioned for OT/ICS primary, secondary and unattended remote facilities that are part of the OT/ICS infrastructure. IT360 and Deception360 are IT-focused solutions for datacenter, primary, secondary and cloud environments. These solutions also incorporate multi-context filtering and agentless deception capabilities that protect external and internal segments of IT networks, leveraging the principles of an active and automated moving target defense schema.



What is the primary automated moving target defense innovation that you target to deliver value? 


PacketViper AMTD creates what appears to be a false-front boundary to unwanted, unneeded, suspicious, and potentially malicious network traffic that encounters the boundary. PacketViper AMTD is designed to be saturation friendly, false-positive free, and deployed in-line (out-of-line non-blocking deployments are also supported), which enables clients to be very aggressive in interdicting traffic. PacketViper customers typically experience significant boundary noise reductions, ranging from 30% to 70% of total inbound traffic, without any negative impact on network operations or service availability.
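The decoy-interaction mechanism from the definition above (any contact with a presented element is detected, then throttled, blocked or blacklisted, while legitimate clients never touch a decoy) and the noise-reduction figure in this answer, as an added simulation that is not PacketViper's code; the network layout, escalation thresholds and inbound connection log are constructed assumptions.

```python
"""Simulated decoy-triggered boundary policy (added example, not PacketViper code);
the address layout, thresholds and inbound log are constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed boundary: one real service and three decoy address/port pairs.
# Legitimate clients only ever reach the real service, so they never touch a decoy.
REAL_SERVICES = {("10.0.0.10", 443)}
DECOYS = {("10.0.0.11", 22), ("10.0.0.12", 3389), ("10.0.0.13", 445)}

@dataclass
class BoundaryPolicy:
    block_after: int = 2       # decoy interactions before outright blocking
    blacklist_after: int = 3   # decoy interactions before long-term blacklisting
    decoy_hits: dict = field(default_factory=lambda: defaultdict(int))
    blacklist: set = field(default_factory=set)

    def decide(self, src, dst, port):
        """Disposition for one inbound attempt: throttle, block, blacklist or allow."""
        if src in self.blacklist:
            return "blacklisted"
        if (dst, port) in DECOYS:
            self.decoy_hits[src] += 1
            hits = self.decoy_hits[src]
            if hits >= self.blacklist_after:
                self.blacklist.add(src)
                return "blacklisted"
            if hits >= self.block_after:
                return "blocked"
            return "throttled"   # first decoy interaction: slow the source down
        if self.decoy_hits[src]:
            return "blocked"     # a source that probed a decoy is blocked on real ports too
        return "allowed" if (dst, port) in REAL_SERVICES else "dropped"

def run(policy, attempts):
    return [policy.decide(*attempt) for attempt in attempts]  # one disposition per attempt

def noise_reduction(dispositions):
    # Share of inbound attempts the boundary did not pass through to real services.
    return 1 - dispositions.count("allowed") / len(dispositions)

# Constructed inbound log: a legitimate client and one source sweeping the decoys.
ATTEMPTS = [
    ("198.51.100.7", "10.0.0.10", 443),
    ("203.0.113.9", "10.0.0.11", 22),
    ("203.0.113.9", "10.0.0.12", 3389),
    ("203.0.113.9", "10.0.0.10", 443),
    ("203.0.113.9", "10.0.0.13", 445),
    ("203.0.113.9", "10.0.0.10", 443),
    ("198.51.100.7", "10.0.0.7", 443) if False else ("198.51.100.7", "10.0.0.10", 443),
]
```

The legitimate client is never throttled because it never interacts with a decoy, which is the property behind the "false-positive free" claim; the sweeping source is escalated from throttle to blacklist and then loses access to the real service as well.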



What are the most important automated moving target defense differentiators you offer the market?


PacketViper AMTD does not require any specialized equipment, extensive integration, or expensive and hard-to-find threat hunting talent to enable and operate the solution. Sysadmin resources or junior-level security staff with modest experience can become proficient with PacketViper AMTD in just a few short weeks.


PacketViper AMTD technology does not produce more alerts; it can deploy in-line to actively block and contain threats.


PacketViper AMTD technology is active and agentless and provides immediate value in any type of network or specialized client environment. The patented technology doesn't just tell you about some security event that happened a few minutes (or much longer) ago: it blocks or contains the event, then sends the notification and alert.



What are your most important business differentiators (i.e. primary value propositions) that you offer the market? 


PacketViper understands that commercial engineering can be nearly as important as technical capabilities when supporting client environments. Our commercial differentiators are designed to create real and immediate value for our clients. Our goal is to be quickly responsive and easy to do business with. Standard order terms and conditions fit on the back of the single-page order form. PacketViper provides purpose-built hardware, as well as maintenance and support on that hardware, at no cost as a standard part of the go-to-market strategy, no matter the scope or scale of the hardware required, for all non-Enterprise License Agreement contracts. PacketViper holds multi-year contract pricing levels fixed and firm for the entire length of multi-year contracts, no matter the length of the agreement. Above all, PacketViper is committed to providing innovative yet practical security solutions that yield Better, Faster, and Less Expensive security without complex integrations or costly rip-and-replace projects.


PacketViper AMTD reduces costs and creates extraordinary value for security, network, operations, and compliance teams in a variety of critical areas:

  • Significant network traffic / noise reduction (far less network noise means smaller event haystacks and shinier, easier to identify threat needles AND dramatic decreases in ongoing costs for volumetrically priced Managed SIEM and Managed SOC services).

  • Significantly lower firewall utilization percentages (reduced load = longer platform useful economic life without unplanned forklift upgrade for feature expansion).

  • Dramatic decrease in False Positive events (reduces SOC workbench load, yields faster time-to-respond for SOC and network analysts).

  • 100% Real-time North/South + East/West visibility (all the traffic that crosses any boundary flows across the AMTD-enabled PacketViper bridge connection and is inspected and posted into active dashboards for visualization and disposition).

  • Threat Containment. PacketViper AMTD-enabled solutions that are deployed in-line can contain threats in the impacted segment or at the breached location at wire speed (dramatically reduces the sprawl-related disruption caused by security events, minimizes the costs of recovery, and significantly reduces the time to recover from the security event).

  • No integration is required with any other technology to realize immediate, measurable, and demonstrable results.

  • Granular packet-level multi-context defense capability (provides active and demonstrable compensating controls for legacy systems, unsupported devices, and high-risk environments).

  • Proprietary GNL (Global Network Lists) enable real-time dashboard tracking of 3rd Party / Vendor activity across the network (AMTD provides a behavior-based enforcement mechanism with 3rd party attribution for vendor-caused security policy violations within every in-scope environment).

  • Multiple layers of simple yet detailed and summary reporting that directly support compliance initiatives without the need for specialized or customized reporting architectures.  (Dashboards, summary, detailed, analytical and trending reports are available natively on the PacketViper platform).

  • Secure Compute Platform for Remote OT Locations (PacketViper AMTD enabled OTRemote™ appliances enable KVM support for other information security or OT/ICS visualization tools in hard-to-serve environments.  This eliminates the need for a dedicated industrial server, and all the acquisition, environment make-ready, physical deployment, operating, monitoring, scanning, patching and remediation costs and efforts that accompany field server instances).



What are the critical business outcomes/measurable results that your technology/solution provides to your customers?


PacketViper critical business outcomes are quite simple: Better, Faster, and Less Expensive Security.


For a partial listing of demonstrable outcomes and measurable operational and financial results please see the list in the Most important business differentiators (i.e. primary value propositions) section of the questionnaire directly above.



What use cases are the current focus of your technology/solution development features and capabilities?


Current PacketViper OT/ICS and IT use cases include Multi-layer Boundary defense & threat prevention; Internal network threat detection; Automated threat response; Threat hunting; Threat containment; 3rd Party/Vendor on-network activity policy enforcement; Compensating Security Control for high-risk environments (M&A / Partner / Vendor), network segments, and for manufacturer forced obsolescence of critical assets (unsupported devices).



What are the future use cases to which your technology will be developed?


PacketViper is currently developing DI/DO and serial integration on OTRemote™ appliances for direct SCADA control at primary, secondary and attended/unattended remote facilities, to enable control system operator network intervention in the event of a declared emergency or disaster. Also under development for OTRemote appliances are secured managed hub and switch capabilities for remote locations that require intra-site visibility into, and interdiction mechanisms for, traffic moving laterally between devices.