How Deception Technologies Enable Proactive CyberdefenseSizing Up the Important Role the Technologies Can Play
As organizations come to grips with the realities of the current state of cybersecurity, more are considering leveraging deception technologies. They're seen as a way to shift away from a purely defensive "detect and response" posture toward a more proactive offensive approach that draws stealth cyberattackers into the open before a breach.
Deception as a tactic has been around since the early days of honeypots. But today's new, much more powerful, deception technologies leverage artificial intelligence and machine learning to enable the automated deployment of fake content, lists, databases and access points that play directly into the attackers' desires and then trap them into false storage or network areas and occupy them until the threat can be contained.
Deception technologies enable the sort of proactive defense strategy that the industry can easily adopt to help to reduce data breaches.
Older generations of deception technologies called for deployment and monitoring, which required a dedicated team of forensics analysts to properly operate and deploy. Modern versions can easily auto-generate fake targets based upon scans of actual network segments, artifacts and databases. And they can deploy mock networks running on the same infrastructure.
Among the companies offering the technologies are Acalvio, Attivo Networks, Cymmetria, Illusive Networks, Smokescreen and TrapX Security.
No False Positives
Because the fake targets are never accessible by legitimate users, there are no false positives to deal with, no alert fatigue to drain resources and no lag time for notification of probable malicious intrusions.
In addition, the machine learning components can be modeled to dynamically recreate new deceptive network models - either randomly or on a fixed schedule - to ensure that savvy intruders are continually outwitted even if they suspect that deception technologies have been deployed.
The other good news is that most modern deception platforms can be mapped and deployed in a couple of hours and are easily configurable to target specific assets and network segments for replication as decoys.
The objective of moving toward a proactive defense strategy is to assume an attack will occur and instead of focusing on prevention and response. The application of deception technologies allows organizations to leverage the existing network infrastructure to detect intruders early, thus reducing the attack surface and enabling the collection of adversarial threat intelligence along the way.
The quality of this form of threat intelligence is a marked improvement over the minimally useful data organizations are usually able to collect following a disrupted attack. That post-attack data rarely provides sufficient insights into techniques and tactics that would help remediate an attack fully or prepare against a similar attack in the future. And it makes verification that the attackers' tools have been removed from the network virtually impossible.
Quick Detection Essential
Crowdstrike reports that the average "breakout time" following a successful attack is 1 hour and 58 minutes. That's the amount of time between when an intruder gets on a machine, whether it's through spear phishing or some sort of strategic web compromise, and when they break out of the beachhead they've established and compromise other systems, Crowdstrike explains.
Clearly, detecting an adversary quickly has never been more critical.
Implementing deception technologies not only attacks the attackers during their forays through the initial access steps as they attempt to locate targeted assets, but it also moves away from the conventional challenges and expenses associated with implementing and integrating point solution technologies that manage access to the computing environment.
The expanding adoption of cloud infrastructure, global access requirements and the explosion of connected devices all compound to place an enormous burden on conventional security solutions and human response teams, neither of which can keep pace or scale to manage this expanding threat landscape.
Organizations can no longer depend only on cybersecurity point solutions because serious attackers can easily bypass these defenses. Deception technologies enable the sort of proactive defense strategy that the industry can easily adopt to help to reduce data breaches.