Organizations have spent too long operating in reactive mode, bombarded by increasingly sophisticated cyber threats. Security spending continues to grow, but so do serious breaches. Cyber security deception technology offers a new approach, turning the tables on bad actors—the masters of deception—by luring them into revealing themselves.
Recent advances in technology have made deception security cost-effective and operationally feasible. By working with the right managed services partner and following a few simple guiding principles, you can realize significant improvements in your threat detection and response capabilities.
A changing world
The modern enterprise is a complex amalgam of legacy and digital systems comprising IoT devices, cloud assets, bring-your-own-device hardware and, now, a largely remote working endpoint estate. The old certainties of perimeter-based security are gone. A more fluid IT environment opens new entry points for cyber criminals with tool sets that include (but are not limited to) vulnerability exploits, phishing lures and stolen credentials.
Global spending on cyber security is set to increase 10% in 2021, yet organizations struggle to stop advanced threats, Canalys reports. Traditional reactive tools are failing, and security operations center analysts are overwhelmed by and unable to prioritize threat data from competing products. Tanium reports that global organizations have, on average, 43 tools to manage endpoint security alone, each pumping out data and alerts. The result: attackers sneak in under the radar and stay undetected for far too long—more than a quarter of breaches took at least one month to detect, according to Verizon's 2020 Data Breach Investigations Report.
Security teams need a proactive way of detecting suspicious activity earlier in the cyber kill chain.
What is deception security?
This is where cyber security deception technology comes in. It's the virtual equivalent of a motion-sensor burglar alarm. Fake assets and data are scattered throughout your IT environment, and digital breadcrumbs lure attackers to those assets. When an attacker interacts with the bait, the system triggers an alarm. You can kick the intruder out of your network right away, or you can monitor them to gather intelligence.
Cyber criminals have been using deception for years, creating spoofed phishing emails and hiding malware inside legitimate-looking apps and attachments. It's time to turn the tables.
Setting the trap
There are many cyber security deception technology systems on the market today. Each is slightly different, but they all use common elements.
- Digital breadcrumbs are placed on legitimate IT assets and in Active Directory to lure attackers into the deception environment. These might include fake documents, emails and files.
- Honey pots, or decoys, are machines or servers set up to look like legitimate IT assets but which are really primed to detect any unusual activity, such as the presence of network scanning tools. Attackers probe these decoys while trying to work out how to move laterally, and in doing so reveal themselves.
- Honey users are fake accounts set up to monitor brute-force attempts to hijack them.
- Honey credentials are placed on endpoints as bait for attackers. If attackers compromise these credentials and try to use them elsewhere, you'll know right away, and you can track the malicious actor across the environment.
- Honey files are placed in important directories to monitor attempts to open and alter them.
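To show how these elements turn into detections, here is a small Python triage script. It is an added example written for this article, not code from any deception product. It checks constructed log lines against an inventory of a honey user, a honey credential, a honey file and a decoy host; every account name, address, path and log format below is an assumption. It also covers the first caveat a practitioner hits in practice: sources that legitimately touch decoys, such as a vulnerability scanner, must be allowlisted, or the "high-fidelity" alerts quickly stop being high-fidelity.

```python
"""Honey-token alerting over sample log lines.

Added example, not from the original article or any vendor product. Log
formats, account names, paths and hosts are constructed for illustration;
a real deployment would feed the same logic from the SIEM.
"""
import re
from dataclasses import dataclass

# Inventory of deception assets (assumed names, constructed for this example).
HONEY_USERS = {"svc_backup_legacy"}      # honey user: nobody should ever log in as this
HONEY_CREDENTIALS = {"admin_fin"}        # honey credential planted on endpoints
HONEY_FILES = {r"\\fileserv01\finance\Q3_payroll_FINAL.xlsx"}   # honey file
DECOY_HOSTS = {"10.20.30.250"}           # honey pot / decoy server

# Sources expected to touch decoys as part of normal operations (e.g. the
# vulnerability scanner). Without this allowlist the decoy fires on every scan.
ALLOWLISTED_SOURCES = {"10.20.30.5"}

LOGON_RE = re.compile(r"^LOGON user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$")
FILE_RE = re.compile(r"^FILE op=(?P<op>\S+) user=(?P<user>\S+) path=(?P<path>.+)$")
CONN_RE = re.compile(r"^CONN src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")


@dataclass(frozen=True)
class Alert:
    kind: str     # which deception element fired
    actor: str    # user name or source address to pivot on
    detail: str


def analyse(lines):
    """Return one Alert per (deception element, actor) seen in the log lines."""
    alerts = []
    for raw in lines:
        line = raw.strip()

        m = LOGON_RE.match(line)
        if m:
            user, src = m["user"], m["src"]
            if user in HONEY_USERS:
                alerts.append(Alert("honey_user", src, f"logon attempt as {user} ({m['result']})"))
            elif user in HONEY_CREDENTIALS:
                alerts.append(Alert("honey_credential", src, f"planted credential {user} used"))
            continue

        m = FILE_RE.match(line)
        if m:
            if m["path"] in HONEY_FILES:
                alerts.append(Alert("honey_file", m["user"], f"{m['op']} on {m['path']}"))
            continue

        m = CONN_RE.match(line)
        if m and m["dst"] in DECOY_HOSTS and m["src"] not in ALLOWLISTED_SOURCES:
            alerts.append(Alert("honey_pot", m["src"], f"connection to decoy {m['dst']}:{m['dport']}"))

    # Collapse repeats: the same element tripped by the same actor is one alert,
    # which keeps a brute-force burst from flooding the analyst queue.
    seen, unique = set(), []
    for a in alerts:
        if (a.kind, a.actor) not in seen:
            seen.add((a.kind, a.actor))
            unique.append(a)
    return unique


# Constructed sample log: one legitimate user (jsmith), one intruder (10.20.31.77)
# and the allowlisted scanner touching the decoy.
SAMPLE_LOG = r"""
LOGON user=jsmith src=10.20.31.14 result=success
LOGON user=svc_backup_legacy src=10.20.31.77 result=failure
LOGON user=svc_backup_legacy src=10.20.31.77 result=failure
LOGON user=admin_fin src=10.20.31.77 result=success
FILE op=read user=jsmith path=\\fileserv01\finance\expenses_2021.xlsx
FILE op=read user=admin_fin path=\\fileserv01\finance\Q3_payroll_FINAL.xlsx
CONN src=10.20.30.5 dst=10.20.30.250 dport=445
CONN src=10.20.31.77 dst=10.20.30.250 dport=445
CONN src=10.20.31.77 dst=10.20.30.250 dport=3389
""".strip().splitlines()


def main():
    for a in analyse(SAMPLE_LOG):
        print(f"[{a.kind}] actor={a.actor} {a.detail}")


if __name__ == "__main__":
    main()
```

Run as-is, the script raises four alerts against the sample log, one per deception element, all pointing at the same intruder address, while the legitimate user and the allowlisted scanner raise none. That is the property the article is describing: because nothing legitimate should ever touch a honey asset, a single hit is actionable on its own and gives the analyst an actor to track across the environment.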
What can cyber security deception technology do for you?
By laying virtual traps, you can more effectively minimize the risks and ramifications of advanced cyber threats such as data theft, ransomware, banking Trojans and coin mining. And you can stop some tried-and-tested threat actor techniques, such as credential theft, lateral movement, sensitive data theft, man-in-the-middle attacks and attacks on directory systems.
Cyber security deception technology can help you:
- Make security operations center analysts more efficient by minimizing false positives and providing high-fidelity, actionable intelligence to track attackers
- Mitigate the financial and reputational impact of a serious security breach by reducing dwell time (the length of time attackers remain in the network undetected)
- Optimize threat hunting, incident response and cyber resilience by collecting detailed forensics, including indicators of compromise and attackers' tactics, techniques and procedures
- Enhance decision-making by improving cyber risk visibility
- Confuse intruders and discourage future attacks