Deception technologies fundamentally change the way we face cyberthreats. Advanced attackers know that the weakest link in any security chain is usually a human being. But the reverse is also true: deception technologies leverage the fact that advanced attackers are human, too.
Once they’ve found an entrance, attackers need to move laterally through the network to reach their targets. They rely on the information they encounter to orient themselves and determine their next moves. But what happens when this information, which the attacker takes at face value, is actually a sophisticated trap?
Although still emerging, deception as a defense strategy is attractive for organizations of all sizes. Leading analysts estimate that by 2018 10% of enterprises will use deception tools and tactics, and actively participate in deception operations against attackers.
Using deceptions throughout the infrastructure greatly increases the chances of stopping attackers in their tracks. Deceptions can be considered in four primary categories:
- Network deceptions emulate network protocols, Windows, Linux, or other machines on the network or – to further deceive the attacker – can also send fake traffic over the network.
- Endpoint deceptions fool the attacker into believing he or she has pieces of information that will provide access to the next system on the attack trail. Instead, when trying to log in, an alert is generated. Defenders are now aware of the intruder and forensic collection can begin.
- Application deceptions are planted within instances of the organization’s actual applications.
- Data deceptions are the most difficult to design. The challenge is to place effective and authentic-looking fake data inside real applications, such as email, so that an alert is triggered when an attacker tries to use data they’ve harvested.
Three deception challenges
A primary challenge is to create deceptions that will effectively lure the attacker while also appearing legitimate and authentic. For example, care must be taken to reflect the actual naming conventions used by the organization to ensure that planted deceptions are indistinguishable from actual objects and elements in the environment.
A second challenge is that attackers are persistent. They’re likely to fail multiple times, but will gather intelligence and redouble their efforts. Deceptions, therefore must be dynamic. By continuously moving and altering the deceptions over time, we can ensure that each time the attacker returns, changes in the environment force the attacker to backtrack or start from scratch.
A third change is purely a scaling one. Sufficiently infusing the environment with well-designed deceptions requires artificial intelligence and advanced automation.
Why illusive’s deception solution
illusive networks is a game-changer for addressing cyberthreats. Detecting an attacker’s lateral moves early on is the single most effective way to prevent theft or disruption of your organization’s valuable assets. illusive networks’® Deceptions Everywhere® technology places a deceptive layer across the infrastructure—endpoints, network, applications, and data—creating a rich maze of false information and deceptive routes to crown jewels. Even an advanced, knowledgeable attacker can’t distinguish between real and fake. Moving toward your critical assets becomes virtually impossible without being detected.
Want to learn more about dynamic deception technology? Access the full whitepaper here.