Dymium scares ransomware attacks with honeypot specters

Dymium, a security startup that recently emerged from stealth, offers ransomware defense for data stores with a network of honeypot traps for spoofing attackers.

Startup Dymium's new platform and so-called ghost technologies create honeypot traps at scale to haunt attempted ransomware attacks.

Dymium publicly launched its Dymium Platform and two additional services, Ghost File and Ghost AI, late last month after emerging from stealth. Since its founding in 2022, the security and data management company, headquartered in Los Gatos, Calif., has raised about $7 million in seed funding, led by Two Bear Capital.

The platform offers typical data management features including audit logs, policy controls and user permissions, but the new ghost services differentiate the offering by providing a system of honeypot decoys that map over a user's storage and data infrastructure.

Honeypots are network-attached systems used as decoys to trap and study unauthorized attempts at access. Whether in an enterprise's intranet or facing the public internet, honeypots distract more blunt hacking attempts by disguising tracking or quarantining programs as data stores and other IT resources.

Honeypots are a popular feature to harden security against ransomware due to their efficacy, said Krista Macomber, an analyst at Futurum Group. Automating decoy propagation at scale is a novel offering compared with smaller, more discreet honeypot services that competing vendors sell, she said, but it shouldn't be a substitute for other security tools such as threat detection services.

"This is going to work in concert with other technologies to fortify [the stack]," Macomber said. "I don't see [honeypots] as pervasive as threat detection [in the enterprise], but I wouldn't be surprised to see more going forward."

Ghost towns

The Dymium platform's new ghost services separate its offering from competitors, according to Denzil Wessels, CEO and co-founder of Dymium.

The Ghost File service conceals actual data stores by mimicking the enterprise data store configuration should an attack break through network and endpoint security, Wessels said.

The ghosts appear as real configurations, but will automatically block access if the software detects encryption or cypher modifications to data associated with ransomware, he said. The platform uses a machine learning engine and user-defined permissions, with the network facade having no impact on user performance.

"It's a misdirection service that understands everything about the users before it ever opens the door, so we can decide what data gets through," Wessels said.

Ghost AI provides a cloaking capability for personally identifiable information submitted to large language models (LLMs). Should a user submit a customer's address or other sensitive content in an LLM prompt, Ghost AI will substitute a fake piece of information for the prompt to process instead.

The ghost services echo offerings from cyber-resilience startup Halcyon, founded in 2021, which offers a security platform that stops data encryption during an attack, and cybersecurity startup Menlo Security, founded in 2012, which sells a secure web browser service, said Todd Thiemann, an analyst at TechTarget's Enterprise Strategy Group.

The Dymium platform is available as cloud SaaS or for direct purchase as software or as a Docker container.

Potemkin pitfalls

Data stores can be difficult to protect against ransomware attacks that have already breached traditional security services, according to Jennifer Glenn, an analyst at IDC.

User permissions and other controls might not catch unscrupulous behavior or the early signs of an attack, she said.

"Unlike network security controls that rely on threat information, data isn't good or bad," Glenn said in an email to TechTarget Editorial. "The good or bad is what happens to it, and all of that is conditional."

Blocking access to data is useful, but decoys cannot save or protect data from exfiltration if an attacker sees through the ruse, she added.

The rise of generative AI in ransomware, where threat actors use LLMs to generate phishing attempts and malicious code, will also create a new challenge to established security techniques like honeypots, Macomber said, as newly created code might evade detection systems.

"A tool like this continues to increase in value the more it's able to detect variant threats. The attackers are evolving," she said.

Decoy capabilities around enterprise data can require coordination among security and data IT teams, Thiemann said. Having decoys around the digital perimeter might help security sleep at night, but data teams know what assets are valuable and should be prioritized to save or guard, he said.

"You need to know what's important," he said. "There needs to be a line between the security folks and the line IT folks."

Tim McCarthy is a news writer for TechTarget Editorial covering cloud and data storage.
