What’s so special about cyber deception technologies?
Gartner says cyber deception technologies are defined by the use of deceit and/or feints designed to thwart or throw off an attacker’s cognitive processes, disrupt an attacker’s automation tools, delay an attacker’s activities or disrupt breach progression. Deceptions are achieved through use of deceitful responses, purposeful obfuscations, feints, misdirections and other falsehoods. These techniques leverage the trust that attackers and the attackers’ tools must have in the network protocols, infrastructure, applications, systems and data elements they interact with or access during the execution of their attacks or throughout their intelligence gathering activities. Deception in this context is used as a technique for defensive or disruptive purposes, and is not offensive in nature.
There are no small number of vendors offering cyber deception solutions. One leading vendor, illusive networks, claims there are four things every CISO must know about cyber deception
Manipulating the One Thing Cyber Attackers Count On
Attackers have long been able to trust companies. They work on the fundamental assumption that the infrastructure data they see is real. Deception technology uses carefully designed lures to attract attackers during infiltration and instantly identify them.
Providing Instant Gratification
With firewalls and antivirus software, it can often take months to realize that a breach has occurred – and at times, these attacks go entirely unnoticed.
Deception technology triggers alerts the moment an attacker “trips the wire”. With the average cost of a data breach nearing $4 million, enterprise organizations can’t afford to wait until they’ve already been attacked to start handling the situation.
Going Beyond Digital Signatures
Digital signatures act as a fingerprint that identifies a digital threat; however, the rise of advanced persistent threats and zero-day attacks show that attackers are far too sophisticated to make the same mistakes twice.
According to a quote that appeared in National Cyber Security from Allen Harper, Chief Hacker at Tangible Security, “The cyber thug has worked to locate IP addresses and ports that appear to have the servers and services he can benefit from attacking.
He has worked to develop specific tools and approaches that routinely prove effective at breaking in and stealing data.” Deception technology turns the tables on the attackers behind the attack, not only by exposing them, but also by ensuring that their strengths become weaknesses.
Simplifying the Solution Stack
It’s hard to deny that networking equipment and software is growing more complicated. With the rise of software-defined networking, IT departments must deploy more in-band security appliances (firewalls and intrusion detection systems) to ensure protection.
However, these appliances often fail to keep attackers out, and can also interfere with network performance. Decision-makers must understand that deception technology eliminates this issue, seeing as deception lures are transparent to users and security staff, and only used by the attacker.