The vast array of breaches, from the Yahoo! breach to the Bangladesh Bank attack, makes it abundantly clear that organizations worldwide remain vulnerable to devastating cyber attacks. Prevention-based security is certainly needed and works up to a point, yet companies continue to invest in detection, understanding that getting hacked is only a matter of time. Detection is effective when it pinpoints an attack at an early stage, so that a rapid response can be mounted. Yet for the most part, detection alerts security teams only once attackers are already deep inside the network. What follows amounts to little more than a game of cat and mouse.
I have attended many of the large-scale security industry trade shows (RSA, Gartner, BlackHat, etc.) and am currently at the Gartner Security Summit in National Harbor, MD. Having spent the past two days on the exhibit floor and attending some of the sessions, I find it challenging for any security practitioner to identify, select, and investigate the top three or so security solutions that may be most relevant to today’s challenges.
Until now, email has been one of the easiest routes for attackers trying to breach an organization’s security. Email systems span organizations and connect everyone internally, and they are among the most heavily used applications in most organizations. They contain a vast amount of data valuable to an attacker, and the humans who use email are just that—human. They are prone to click on inviting email links or open legitimate-looking file attachments, and when they do, the attacker gains a foothold in the enterprise environment. From there, the attacker works to harvest email credentials and reach the email servers.
Attackers targeted a large telecom company with thousands of IT devices in its international network and data centers. They managed to compromise a field technician’s laptop through a malicious email attachment, but illusive networks’ Deceptions Everywhere® technology detected it.
Security researchers build their understanding of attackers’ actions slowly—over time and with considerable attention to subtle details. It’s not unusual to examine hundreds or thousands of artifacts to find just one that will shine the light on an attacker’s activity.
We see it every day. There’s a widespread misunderstanding about the differences between deception technology and the traditional honeypot method of detecting cyber attackers. Honeypot tactics and deception technology are significantly different—from their underlying basic premise to their levels of effectiveness. Here’s how they differ.