Deceptions Everywhere ®

Insights on threat and cyber risk trends, use cases for deception technology
and strategies for combatting targeted attacks

Four Quick Thoughts about the Marriott Breach

Posted by Ofer Israeli on Nov 30, 2018 2:28:58 PM

My phone’s been ringing this morning from people wanting to talk about the massive Marriott breach — the revelation that private data associated with up to 500 million people may have been compromised. I’m sure there’s a lot more to learn from the details, but in the meantime, I’ll take a quick minute to jot down some initial thoughts:

Read More


Anticipating Cyber Monday: Meet and Exceed PCI-DSS Compliance

Posted by Guy Rosenthal on Nov 20, 2018 11:37:16 AM

In 2004, the Payment Card Industry Data Security Standard (PCI DSS) became a fact of life for organizations that accept payment via credit or debit cards. In that year, the leading card issuers rolled out the first iteration of its security standard, designed to improve protection of payment systems as credit card data became a prime target for cyberattackers. Today, even as organizations have entire teams dedicated to PCI compliance, one consumer business after another—including Macy’s, Adidas, Panera Bread and Chili’s—have been breached, resulting in exposure of cardholder data.

Read More


Ponemon Report: How Security Teams Defend Against Post-Breach Attackers

Posted by Beth Ruck on Nov 15, 2018 9:57:52 AM

Moody's Cyber Risk Group: “Cyber becomes more and more important.”

On November 12, Moody’s announced its intent to start incorporating in its credit rating method the degree to which an organization faces risk of major impact from a cyberattack. This follows the news, back in February 2018, that the Securities and Exchange Commission issued additional guidance on its requirement that public companies must “inform investors about material cybersecurity risks and incidents,” even if they have not yet been the target of a cyberattack.  

Read More


3 Hidden Ways Your Privileged User Credentials May be Available to Cyberattackers

Posted by Revital Aronis & Dolev Ben Shushan on Oct 23, 2018 3:14:05 PM

Preventing the ability of attackers to perform lateral movement within your network is not only a threat detection function—it’s also a cyber hygiene function. In this blog, we’ll review some of the most common—and invisible—ways that privileged user credentials proliferate in enterprise networks. It’s well understood that domain admin or other high-powered credentials are gold to a cyberattacker. With “keys to the kingdom,” they can move easily and silently from one system to another, change domain attributes, add permissions, change passwords, and connect to any machine in the domain. Most organizations dedicate significant resources to careful management of Active Directory and use various technologies and practices to control access privileges. But our experience shows that even in the most diligent organizations, privileged user credentials are more accessible to attackers than you’d think.

Read More


Deception Platforms Noted as “High” Benefits Rating by Leading Industry Analyst Firm

Posted by Beth Ruck on Jul 31, 2018 3:04:35 PM

What a difference a year makes.

In 2018, we find deception platforms listed with a “High” Benefits Rating in Gartner’s Hype Cycle for Threat-Facing Technologies2018.

Read More


Stop Cyberattackers by Stopping the Spread of Credentials

Posted by Gil Shulman on Apr 10, 2018 10:56:38 AM

With cyber risk an executive- and board-level concern, it's not enough to try to prevent attackers from gaining entry to your network. Advanced, persistent attackers can still get through even the most advanced defenses. Once they're in, they have the arduous task of moving from their initial point of entry to their ultimate target. This is the time when attackers are most vulnerable—and where we, as defenders, have an opportunity to tip the balance in our favor.

Read More


Stay up to date!