What do enterprise security teams have in common with Hannibal at the Battle of Cannae in 216 B.C.? A lot. Both face an onslaught of adversaries. Both have valuable reputations and territory (or markets) at stake. And both need a way to outdistance enemies by enlisting new tactics. With today’s cyberattacks, yesterday’s approaches are not enough. As it did for Hannibal, deception offers a way to turn attackers’ own methods against them. The history of deception shows that weapons and tactics might change, but the ability to make an adversary act on something that isn’t real offers modern enterprise defenders a new arsenal of tools.
Deception in Physical Warfare
From deceptively positioning scarce resources, as Hannibal did, to building a fleet of inflatable decoy tanks and trucks, using double agents, and broadcasting fake radio messages in World War II—military leaders used deception to shift momentum in their favor. For unwitting adversaries, such as the Roman army in Hannibal’s case, the results could be disastrous.
The message on a deceptive Civil War vessel read, “Deluded people cave in!”
Deception as a Cyber Strategy
Before widespread Internet adoption, computer hackers attempted to penetrate government systems. In the late 1980s, a systems manager at Lawrence Berkeley Laboratory discovered evidence of an attacker in the network and strategically used cyber deception tactics to track him. He finally convinced the CIA that there was a legitimate threat to national security, and they ultimately broke an international espionage ring.
Early Honeypot Security
In the 1990s, deception tactics were harnessed in early honeypot security technology. Honeypots were used to emulate real network systems. This diverted attackers from production systems and enabled security experts to study their behavior with the goal of identifying them and learning how to improve defense tactics. Though early honeypots had limited reach and were resource-intensive, they placed a digital stake in the ground for the fledgling cyber deception industry.
Casting a Wider Net of Deception
A decade or so later, honeypot security vendors began adding lures across the network to broaden reach, engage with attackers earlier and increase the odds of drawing them to a honeypot. They also worked on techniques for simplifying honeypot deployment and management.
In 2015, Illusive introduced cyber deception planted on endpoints across the IT landscape. The idea was to catch attackers wherever they broke into the network and as close to the network edge as possible to prevent impact to critical systems. Rather than drawing attackers to a destination, this model uses deceptions to detect malicious attempts to move laterally through the network. Illusive creates the appearance of an infinitely more complex environment. Attackers have to trust that what they see is real—even when it isn’t—and face high probability of making a wrong move, at which point a security alert is triggered.
Smart Automation Ups the Ante
Today, machine intelligence and automation have opened the next chapter in the history of deception. Now, deception technologies can discover network systems, connections, and crown jewel assets and know where an attacker is in relationship to them. Intelligent deception systems can recommend and craft authentic network, system, application, server, and data deceptions that are customized for each system and appear native to the environment. AI-driven automation also enables a complex web of cyber deceptions to evolve and keep pace as threats and businesses change, even in the largest networks. These developments give security teams a clear advantage in out-maneuvering attackers.
Of course, other rigorous security controls are essential. But in the midst of continuous business change, a growing attack surface, and humans who make mistakes, cyber deception technology with intelligent automation is a must-have.
Download our white paper, , to read more about the history of deception and its role in future-looking cyber security threat programs.