deceptionGUARD by GrayMatter deploys industry-specific decoys and sirens that automatically stop attackers before they hit critical, operational assets. deceptionGUARD works at the network perimeter to divert attacks, not lure them in.
2. Who is GrayMatter?
CONSULTING
We help your people and your industrial assets become smarter and more visible.
IMPLEMENTATION
We’re a services-first company that starts with your problem and works backwards to help you fix it.
TECH CURATION
We focus on co-innovation & curating the best process and technologies to drive industrial, digital transformations.
7. END TO END VISIBILITY - SECURELY
Brilliant Operations
Automation + Control
Motion Control
Sensors + Networking
Industrial PLC
Machine Safety
Industrial Connectivity
Performance Management
Historians
Batching Systems
Reimagining UX/UI
ISA 101
MES
Downtime/OEE
Quality
Dashboarding, Reporting
Advanced Industrial Analytics
Machine Learning
Predictive Analytics
Cloud Strategies
Industrial Cybersecurity Protection
emPOWERGUARD
deceptionGUARD
Risk Assessment
8. [Diagram: network zones and levels]
Internet Zone
Cloud
IoT Zone
Enterprise Zone
Level 5: Enterprise Network
Level 4: Site Business Planning & Logistics
Demilitarized Zone (DMZ)
FIREWALL
FIREWALL
Manufacturing Zone
Level 3: Site Manufacturing Operation/Control
Cell/Area Zone
Level 2: Area Supervisory Control
Level 1: Basic Control
Level 0: Process
Safety Zone: Safety Control
9. Emerging Market Drivers: Deception Tech
⬡ COVID-19 is driving a higher need for remote connectivity into operational environments
⬡ Countries where cybersecurity threats commonly originate require security that’s easily geo-targeted
⬡ Deception is the primary tool of ransomware & other increasingly common types of attacks
10. Legacy Market Drivers: Deception Tech
⬡ Aging ICS equipment at risk as more vulnerabilities are disclosed
⬡ Modernization efforts such as digital transformation, Industry 4.0 require more connectivity bringing new risks into the OT environment
⬡ Traditional security offerings lack industrial know-how, defense-in-depth & ability to learn from attempted attacks
11. CUSTOMER ISSUES
LIMITED SECURITY RESOURCES
Organizations focus on protecting the enterprise or its infrastructure, with few resources dedicated to the OT or process infrastructure
REACTIVE APPROACH
With a focus on the AIC (availability, integrity, confidentiality) priority paradigm, companies make changes only after an incident occurs
INDUSTRIAL KNOWLEDGE
Knowledge of ICS networks & how they are targeted is not reflected in most security options
PERIMETER DEFENSE
Many OT networks have little to no perimeter, making it difficult to harden & protect critical assets
LACK OF SECURITY & NETWORK AWARENESS
Many production networks lack an understanding of connections, asset behavior, threat vectors
12. Solution Overview
deceptionGUARD by GrayMatter deploys low-impact targets, luring attackers to a trap, allowing companies to develop counterintelligence strategies that keep critical assets from exposure.
[Diagram labels: INTERNET, FIREWALL, ENTERPRISE NETWORK, deceptionGUARD, OT NETWORK]
16. Technical Advantage
By deploying as a transparent bridge on both sides of a perimeter firewall deceptionGUARD can:
● Detect traffic source by region or Global Network (Google, YouTube, Facebook etc.)
● Track user data flow: what ports are open, source and destination data, attempts to connect etc.
● Control data type allowed (email, smtp, port, etc.)
● Throttle or block communications
● Determine how traffic flows in case of failure
● Prevent data extraction or insertion
17. Technology Differentiators
Vendor Agnostic
We build sirens & decoys using customer traffic and create deceptive assets from networked OT devices
Passive or Active
deceptionGUARD can deploy in mirror mode, as a network span, or inline, as a transparent bridge, allowing for passive detection or active prevention
Protection
Designed for both Enterprise & Operational networks, solution effectively supports stand-alone OT security or IT/OT converged security operations
Designed
With industrial environments in mind
18. Sirens
⬡ Virtual Fake Assets
⬡ Replicate ICS devices such as PLCs, VFDs, HMIs etc.
⬡ Mimic device communication to entice reconnaissance scan
⬡ Mirror customers’ actual assets
⬡ No limit to number of devices (needle in a haystack)
⬡ Appear as OEM to network analysis tools (CyberX, Tenable, GrassMarlin etc.)
19. GEO & GNL Fencing
As we track source and destination we can compare to GES and Global network addressing and can block based on:
● Region, Country
● Global Network
● Traffic Type
20. Use Case: Commercial Water Operator
OVERVIEW
A client manages water, wastewater, natural gas, and electricity distribution systems and supports traffic signals and street lights in multiple Canadian provinces & U.S. states.
PROBLEM
Operating in many jurisdictions and with a limited OT cybersecurity team, the client struggled to protect OT assets from threats.
SOLUTION
The OT Security Director uses a multi-site perimeter in which he deploys a deceptionGUARD unit at each of 11 sites with OT environments. Each deceptionGUARD creates a perimeter between the IT & the OT infrastructure along with a deceptive sub-network of fake controllers & other ICS devices.
21. Use Case: Food & Beverage Manufacturing
OVERVIEW
A major food & bev manufacturer endured the high cost of rebuilding its systems because of a ransomware attack.
PROBLEM
The company invested in enterprise-level cybersecurity, but found that it was inadequate on the OT side.
SOLUTION
Client is working with GrayMatter to establish a hardened OT network perimeter and mitigate concerns about ICS connectivity after a modernization (Industry 4.0) initiative ended reliance on an “air gap” approach.
22. Additional Features
Siren Library
Library allows customers to select from a drop-down menu of devices and deploy quickly.
Reporting
Compliance & audit reporting
Integration
Integrates with SIEM tools and IDS & firewall technologies
OT Operator Coordination
Provides alerting data on HMIs along with security alerting
23. New Approach
Offense
Other technologies report on assets under attack. deceptionGUARD uses a no-risk decoy to lure attackers away from valuable assets.
Defense
Strategic enforcement begins before real attacks take place, so attackers are blocked from network resources.
Ask the Gartner analyst(s) which topics they are most interested in right off the top and tailor the presentation based on that.
Mention deception tech competitors here: Forcepoint, Rapid7 and FireEye. Many competitors, like Rapid7 and FireEye, require clients to buy their core technology first.