Despite increasingly sophisticated and layered cyber defence systems, those responsible for information security still contend with one basic fact – they are always on the backfoot when it comes to safeguarding their systems against attack. In this article, we look at how Deception Technology can be used by organisations to alter the balance and enhance their cybersecurity attack detection and defence capabilities.
Looking back through history’s conflicts, that the art of surprise has been used time and time again to great effect, to the attacking side’s advantage – this same basic principle holds true for cyber-attacks. For those working as security professionals or in a SOC (security operation centres) environment, this translates to the daily struggle of not knowing where, or what, the next attack could be – spending days trawling through logs and correlated information streams trying to identify signs of a breach.
How do you prepare and defend against an attacker, if you have no idea what direction they are coming from, or what they will look like when they arrive, they may arrive on foot, tunnel in under the walls, or arrive at the front gate in a giant wooden horse!?
Hide and Seek
More recently, organisations have been dealing with this game of hide-and-seek with an alternative strategy, taking a proactive stance and going on the offence. This philosophy starts with an acknowledgement that attacks are an inevitable part of doing business in an online world. Once you take this view, offensive steps begin to make more sense, the outlook that forms the foundation of deception technology.
Deception technology helps you leverage the same element of surprise used by an attacker, but turn it against them.
The principles behind deception technology are simple yet effective, taking its cues from the information that’s valued by cybercriminals. Deploying decoy systems and files across a network disguises the information assets as low hanging fruit, distracting would-be criminals from true production systems or valuable data assets.
In the event these decoy systems are accessed, the SOC team is alerted to their presence and incident response procedures can commence. The behaviours and activity also allow the SOC team to closely monitor patterns, activities and techniques used providing invaluable data to help detect and prevent future attacks.
Insider Threat Detection
Such deception technologies are just as effective at detecting and protecting against the insider threat. If a member of staff or contractor starts poking around the network from the inside, trying to access the information they shouldn’t, then deception technology is one of the most effective ways to catch them.
Deception technology’s greatest benefits are not technical at all they are the psychological and financial impact that is felt by an attacker who is caught within a deployed web of deception technologies.
When decoy systems are deployed within the network, the psychological effect is that an attacker can never be sure the target systems they are accessing are the true target or the decoy. Has the attacker truly breached the network undetected or is every one of there moves being watched or coerced further into the deception web? Doing so would mean the SOC team can examine, deconstruct and learn from the tactics used.
One comparison that I have seen used as a design principle is that of the Panopticon effect. The panopticon was a philosopher’s design for prison or institution where all prisoners could be observed by a single security guard, without the inmates being able to tell if they are being watched. The deployment of deception technology will cast doubt in the minds of cybercriminals and potentially increase the likelihood of detection.
The potential to create diversions, complexity and confusion will erode away at the value for any cybercriminal as the time investment increases. The more time that it takes to steal data, the less valuable it becomes, especially when it threatens future efforts when techniques and tactics are disclosed.
The effective deployment of deception technology still requires the fundamentals foundations of cybersecurity to be in place. Without network segmentation, proper access control, security systems and reporting – deception technology alone will add little value.
In the absence of these systems, the SOC team will see that a decoy has been tripped, but without the visibly afforded by effective controls, they would have no sense of the entry point or how the attacker has traversed through the network.
Correctly implemented and with appropriate security systems in place; deception technologies allow a security team to take an offensive stance, allowing them to turn the tables and take back the element of surprise.
We can help deploy decoy and deception systems in your environment to help enhance your security capabilities. Our team can also design, supply and implement FortiDecepter solutions from market leader Fortinet. E-mail firstname.lastname@example.org , Call +44 1624 777837 or submit our contact form.
- Best Small Business Firewall / Router
- Intrusion Prevention Systems (IPS) for Business
- Internal Network Firewalls (INFW)