Deception technology: New dimension for defense-in-depth

Sophisticated & customized attackers embrace advanced tools/techniques so as to penetrate a secured perimeter or endpoint defenses. With the evaluation in Cyber-attacks like Advanced Persistent Threats (APT’s) and Zero Day attacks, Current perimeter security has proven to be vulnerable additionally security architectures/frameworks haven't proven to be agile enough to meet these modern threats. These issues or threats can be addressed with the help of Deception technology. 

Deception techniques like honeypots don't seem to be a brand new thought in security; but, evaluation of latest techniques and capabilities promise to deliver a game-changing impact on how these threats are faced.

In this Article, we are going to discuss the usage of deception technology playing a prominent role in enhancing the security posture of an organization.

Introduction to Deception technology

The Deception-based technology permits the organizations to quickly detect, analyze and defend organizational networks against real-time attacks. Deception technology provides accurate information on malware and malicious activity that may not be detected by other types of cyber defense. 

Deception technology is a new framework in Defense in depth model of cyber-security designed to detect and analyze the threats induced by malicious software, zero-day exploits, and other targeted attacks. Deception technology provides the broad-scale deployment of “A network of camouflaged malware traps” that are interconnected with the organization's real data resources. These traps seem identical in every way to the organization's real assets. 

Once the attackers penetrate the enterprise, they will move laterally to seek out high-value targets. If they touch any one of the traps, they're detected. Deception technology framework then provides a high accuracy alert (These alerts don't rely on a probabilistic event or clustered around adjustable threshold) to the security team. Thus Deception technology enables the organizations to prevent the attacks or information breach. 

Figure.1  Deception and Decoys (Source Attivo Networks)

Deception Technology Categorization

Deception technology is classified into 3 basic categories of capability:

  1. Legacy Deception technology has been around for years and utilizes the notion of hand deployed and individually implemented traps. 
  2. Basic Deception technology added some automation and reporting around honeypots, here the operating systems and vendor applications should still be installed manually. 
  3. Advanced Deception technology utilizes automation deploying a broad network of emulated computers and servers, This technology brings effectiveness whereas at the same time reduces the cost well below the other implementation selections. 

Note: Managed security service providers (MSSP) have emerged to fill the gap in operations. they allow the enterprise to integrate new architectures like Deception technology using the extended resources of the MSSP team. 

Key benefits of Deception techniques

  • Deception technology finds sophisticated attackers like advanced persistent threats (APT’s) and Zero Day Events that existing endpoint defense systems might fail to detect.
  • Accurate and rapid detection reduces the risk of economic loss due to the destruction of enterprise assets, theft of data, and overall impact to business operations. 
  • Advanced real-time forensics and analysis that is coupled with high accuracy, uniquely empowers the security operations center to take immediate action to disrupt all attacks within the network perimeter thus reducing the time to breach detection:
  • Deception techniques provide comprehensive visibility into internal networks thus revealing attacker activity and intentions thereby terminating the attack. 
  • Improves compliance, to satisfy PCI and HIPAA data breach laws, along with other regulatory requirements in various countries. 
  • Deception technology is compatible with existing solutions where it can be integrated with the current operations and defense in depth solutions. 

Recommendations to think about before adopting Deception technology product

  • Check how the threat deception techniques leverage to enhance your current threat defense capabilities against advanced adversaries.
  • Need to consider that integration with threat deception providers will bring any additional value to the current offerings.
  • Evaluate current deception capabilities across the security market, and articulate them properly to demonstrate the value of deceiving the attacker.

Conclusion

The Deception technology enhances both Network and Cyber Security into a more effective security strategy by reducing the false positives, profiling the attack, attacker and the ways of attack. Gathering information using profiling is often helpful to feed an information Security database that can act as input to the analytics tools to generate knowledge. With this information, the Blue and Red teams will understand better the mechanics behind the threats and anticipate it.

Authored By - Rajesh Rao Budnar
TCS Cyber Security Practice

Rate this article: 
Average: 4 (1 vote)
Article category: