Our Services

Avantgard provides active cyber defence services developing campaigns to proactively protect our clients from cyber attack. Active cyber defence employs cyber intelligence, deception and active threat hunting to detect malicious activity sooner and more reliably than is possible with passive defence. Avantgard draws together leading Australian & International capability in Active Cyber Defence. Our work is done in the context of our national laws and of each client’s unique “regulatory universe”.

Request a consultation today
How does Active Cyber Defence work?

We survey our client’s online presence from an attacker perspective, then plant tempting deceptive elements where attackers will look. These deceptive resources are irresistible to attackers who are led to traps where their activity is recorded while the defender is alerted.

The defender gets these benefits:
  • Enhanced cyber resilience – you know exactly what your attackers are doing and what tools they are using against you from day to day;
  • Assurance that breaches will be detected quickly;
  • Zero false positives reduces staff workload;
  • Detection of even previously unknown malware;
  • Works even in unhygienic environments with legacy infrastructure
What is Passive Cyber Defence?

Passive cyber defence relies on conventional cyber security practices such as network hygiene, firewalls, virus filters, good user behaviour etc. By itself, passive cyber defence has proven to be ineffective against sophisticated attacks.

Active Cyber Defence vs Cyber Offence!

Active Cyber Defence excludes offensive cyber actions which are the sole domain of authorised government agencies.

TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of traps can be deployed with little effort, creating a virtual mine field for cyberattacks, alerting you to any malicious activity with actionable intelligence immediately. TrapX’s customer base includes over 300 Forbes Global 2000 commercial and government customers worldwide.

Avantgard represents TrapX in Australia and NZ.
WorldStack Providence is an Australian sovereign Threat Intelligence Platform. The Providence Engine gathers data from it’s own continuous indexing of the dark, deep and surface web and fuses this with proprietary and open-source feeds to provide enriched intelligence that is tailored to the organisation. Human analysist triage alerts to filter out false positives and irrelevant data to produce finished actionable intelligence. Customers also have access to the raw data feed via API and STIXX/TAXXI feeds and can use Providence web-portal tools to undertake their own analysis.

Avantgard represents WorldStack in Australia and NZ

HoneyTrace is an Australian sovereign solution for data loss detection The HoneyTrace solution uses AI technologies to generate unique fake tokens (tracers), such as documents, database records, website redirects, credit cards numbers and email addresses. These tracers contain watermarks and tripwires, providing unique fingerprints that are used to discover and track data theft inside and outside your network. All tracers are unique, and are not needed for any business purpose, so any interaction with them or appearance outside your network is suspicious.

Avantgard represents HoneyTrace in Australia and NZ.

HoneyTrace intelligent search bots are always working— scanning the Internet and deep web for unique tokens created by HoneyTrace to alert you when leaked data is detected. If your data has been stolen, the embedded tokens can be used to identify what parts of your network have been breached. By regularly rotating your tracers, you can determine when the data was breached.

Who We Are

Andrew Cox

Founder & CEO

Over the past 25 years Andrew has led technology vision for a series of Australian start-up companies including Comindico and IP Systems who pioneered the global adoption of IP communications. These projects developed new industry models to convert technology vision into real world applications. In recent years Andrew has consulted to Australian enterprises and government agencies on the procurement and adoption of disruptive technologies. Since 2016 his focus sharpened toward widening adoption of active cyber defence as the most prospective approach to tilt the balance of cyber power back in favour of defenders.

Phill Moore

Director/Tech Manager Cyber

Phill is a seasoned technology architect, influencer, and trusted advisor to Fortune 500 and Government agencies.  

Phill’s career has spanned Australia’s largest commercial and Government entities in Architecture and Management roles within the Security and Infrastructure Domains, including at Telstra, Big Pond, Sun Microsystems, Sydney Water and Okta.

Phill has first hand experience and an understanding dealing with cyber breaches and the severe impacts of these attacks have on unprepared businesses.

He has specialist knowledge and experience across the transport, utilities, telecommunications & financial services (banking, insurance) and health domains.
Focusing on on Active Cyber Defence techniques, starting with active cyber  intelligence, deception tools and lawful counter-measures for both on-premise and cloud workloads in order to gain a deeper understand for more effective  target controls to tip the balance back in favour of the defender.

Andrey Shirben


Andrey served for 6.5 years in the Israeli Intelligence Corps’ Unit 8200 (ranked Captain) specialising in operational & technological early detection where Andrey led some of the most transformational projects in his field. Later, he led Lawful Interception projects with integration between government agencies, Telco’s & ISP’s in 30 countries. In Australia, he worked with Australian Federal Police, State Crime Commissions, and others. An Australian citizen, Andrey is a seed investor in both Israeli and Australian technology start-ups, backing over 100 companies including key investments in cyber security, giving him insight to early emerging security solutions and the capabilities of their founders. Andrey is chairman of ASX listed jayride.com.

Yoav (Joe) Saar (Lt. Colonel Retired)


Yoav (Joe), served 25 years in Israeli Air Force Intelligence. Among his duties was responsibility for Israel’s national response to early threat warnings where he re-cast Israel’s operational approach and gained recognition as an authority on strategic risk mitigation. After retiring the IAF, Joe migrated his family to Australia where his expertise is enhancing Australia’s cyber resilience. Joe also holds B.A and M.A. in history and international relations (both Cum Laude).


TrapX Technical Datasheet

Cyber Deception without limits. A technical product overview

CylusOne Cybersecurity for rail Signaling

CylusOne provides a complete and real-time view of the entire network with detailed information that covers all levels; from the network’s entire topology down to the granular level of each and every asset, including trackside devices, interlockings, management workstations and more.

TrapX WhitePaper - Simplifying Adoption MITRE ATT&CK with Deception

Deception takes a fundamentally different approach to cybersecurity, and offers unique benefits for those looking for insight to support ATT&CK prioritization. Unlike other security controls, deception draws the attacker in. The moment an attacker interacts with a trap, they reveal themselves and their tactics, techniques, and procedures.

ACDA Whitepaper - How to Respond to a Cyber Crisis

Active response uses cyber deception, negotiation and dark web intelligence to extract intelligence from the attacker, shape attacker behaviour and assure eradication. Such an intelligence led approach provides better outcomes with greater assurance of recovery and lowered risk of repeat attacks

Medical Device Hijacking Medjack.4

TrapX Investigative Report – Over the last six months, TrapX Labs conducted the world’s first counter-intelligence cyber-deception operation by creating a fake hospital network and disseminating VPN credentials for it in the Darknet. Extensive data was collected on threat actors targeting healthcare providers and unearthed several cases of MEDJACKING

White Paper - Assertive Cyber Security - Avantgard

The deception strategy assumes that a proficient hacking team will find a way in, often through just one machine, network share or database. They will then begin to move laterally to explore the environment, looking for the valuable assets.

If network shares can be set up that are in every sense genuine, and are linked and ‘breadcrumbed’ across the network, but in fact only exist to be visited by hackers, we have the potential for an irresistible decoy trap.

Contact us

Have a question? Want to talk to us?