Deception Technology as a Strategy for Cyber Security

Image by Lasse Vestegård from

Flickr

Nowadays, preventing security events from occurring is an uphill battle. The industry of cybersecurity to keep up with the commonality and intensity of cyber-attacks and data breaches. Additionally, some reports estimate that the lack of cybersecurity experts will only grow bigger and lead to a global crisis. This situation leads many security experts to come up with unique ways to combat cyber attacks.

One of the cybersecurity methods invented by these efforts is deception technology, which aims to change the balance of power between security teams and cybercriminals. Read this article to learn what is deception technology, what are the benefits of deception, and why your organization should implement it as part of the cybersecurity strategy.

What Is Deception Technology?

Deception technology is a security method designed to lure bad actors that have infiltrated the network into traps and expose themselves before they can inflict significant damage. The concept of deception technology originated with the honey pot technique, which is used by sites to attract people with malicious intent and identify them.

For deception technology to work, it needs to look genuine and mimic legitimate asses across the entire infrastructure. These decoys can also run in a real or virtual Operating System (OS).

Why Use Deception Technology?

Organizations use deception technology by placing a decoy in their network such as masking directories and files to seem like they hold high value to the organizations. When attackers try to access these decoys, they trigger the trap and the system alerts security teams across the organization that the organizational network has been breached and they are called into action.

Deception technology allows security teams to fight cyber attackers in their own game and employ techniques that are different from most traditional cybersecurity efforts and provides an early and accurate detection method.

Reasons to use deception technology include:

• Quick breach detection—gives attackers false impression that they have the edge and drops their guard. When they try to cease their advantage, the trap is activated and all their activities are recorded and security teams alerted and can begin mitigating the threat.
• Reducing false positives and provides automation—reduces the number of false positives generated by the systems and delivers useful alerts that are triggered under specific activities and events. Additionally, the system automatically generates alerts and replaces a hands-on approach to breach detection. Thus, making security less exhausted from chasing false positives and more focused and useful during true events.
• Scaling and automation—placing more decoys on new files and directories is easy, which makes deception technology highly scalable and allows you to fit into organizations of all sizes and grow according to need. Additionally, deception technology can be implemented in all types of organizational environments including on-premise, cloud and hybrid.

Detection Capabilities of Deception Systems

Deception threat technology is capable of detecting a wide variety of threats without relying on known signatures, pattern detection and database lookups:

• Geo-fencing—tracks and locates the attacker of the attempted to steal specific deception files.
• Man-in-the-middle (MITM) attacks—protects against events where an attacker intercepts and possibly modify communication between two parties without their knowledge.
• Lateral movement—detects when attackers try to move throughout different parts of your networks to gain more access and information.
• Credential theft—recognizes when bad actors attempt to steal username and passwords.
• Tracking stolen files—plants tracking software in stolen files and detects and send alerts and location information when attackers try to access the files even after they have downloaded them to their systems.

Deception Technology Vendors
Here is a list of several of the top providers of deception technology solutions:

• Acalvio—provides Advanced Threat Defense (ATD) solution to detect, engage and respond to malicious activity inside the network. increases the security capabilities of Development, Security and operations (DevSecOps) personnel with ease of deployment, management and monitoring.
• Cynet—offers a deception technology solution that supports various types of decoys to detect threats in various stages of the attack’s lifecycle. Cynet cyber deception provides preconfigured decoy files and allows you to craft your own files to best fit your requirements and system.
• Illusive Network—a group of ex-Israeli military intelligence, which offers deception technology solution for high-tech that detects attempts to disrupt and tamper with systems and empowers defenders to be more productive.

Deception Technology Strategy

The scale of deception technology must fit the requirements of the enterprise in which it is deployed. Consequently, the architecture of deception systems must be versatile enough to scale up and down with demand. Additionally, it needs to offer various decoy options to accommodate different technologies and environments.

After the system is activated and managed to catch threats, use the next stages to ensure you make the most out of your deception technology:

• System profile—analyze the deception system to identify what vulnerabilities were exploited and which tools or malware were used to launch the attack.
• Attacker profile—analyze the deception system data to learn how the attackers infiltrated the system.
• Attack analysis—study the attack and incorporate the lessons you learned to patch the security holes.
• Threat hunting—let your security analysts use playbooks and security alerts to hunt down the threat.

The Benefits of Deception Technology

Deception adds an important defense layer that no other form of security does and offers many benefits for organizations:

• Post-breach damage reduction—detects threats after relatively low dwell time to reduce damage potential and quicken remediation efforts.
• High-fidelity alerts—simplifies and accelerates incident response and reduces fatigue caused by false positives.
• Visibility—grants visibility into device, system, and network modifications to reduce risk of credential theft and other forms of access abuse.
• Versatility—not being reliant on knowing signatures, patterns, and attack vectors allow deception to be more adaptable and useful against advanced threats.
• Deployment automation—allows you to automatically deploy additional decoys around critical assets or make the areas you suspect to be susceptible to attacks more complex.

Wrap Up

Now that you understand the importance and value of deception technology, you are ready to start forming your own deception strategy and lay traps to protect your network from attacks. You can leverage the capabilities of technologies like honeypots and advanced analytics to not only stop threat actors in their tracks but also discover their location and attack methods. Sometimes, it’s better to fight fire with fire.