Trapster

Trapster is a deception-based cybersecurity product developed by Ballpoint, a French offensive security firm. The platform deploys decoys — including fake servers, credentials, files, and network services — across enterprise networks to detect intrusions early by alerting security teams the moment an attacker interacts with any decoy asset. The product is delivered as pre-configured virtual machines compatible with VMware, Hyper-V, and Proxmox hypervisors. Once deployed on a network subnet, decoys emulate common services such as SSH, RDP, SMB, FTP, DNS, LDAP, and MSSQL. Because legitimate users have no reason to interact with these decoys, any contact is treated as a high-confidence indicator of compromise, eliminating false positives. Key capabilities include: - 1-click decoy deployment across network subnets - Honeytokens (fake credentials, API keys, decoy files) - Full session capture including keystrokes, commands, and payloads - Instant alerting via email, Slack, Microsoft Teams, or webhook - Integration with SIEM and SOAR platforms including Sekoia, Splunk, Syslog, and REST API Trapster targets SOC teams and enterprises looking to reduce alert fatigue from EDR, SIEM, and XDR tools. The platform is hosted on OVHCloud infrastructure in France and holds ISO 27001 certification from BSI Group. It is integrated into the European security ecosystem and used by organizations including INRIA and Platform58.