Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
2/27/2018
09:00 AM
Laurence Pitt
Laurence Pitt
Partner Perspectives
Connect Directly
Twitter
RSS
50%
50%

Misleading Cyber Foes with Deception Technology

Today's deception products go far beyond the traditional honeypot by catching attackers while they are chasing down non-existent targets inside your networks.

During the Second World War, a unit of the Allied Forces called the Ghost Army used rubber airplanes, inflatable tanks and other props to fool German commanders into thinking they were dealing with a bigger military force than in reality. One of their many subterfuges was to get Axis forces to think an entire Allied Army unit was in a particular area when in fact there was none. Such deception and strategic trickery has been a staple of warfare through history, and is an approach that a growing number of organizations have now begun employing in cyberspace as well.

Gartner defines deception technologies as a class of products that use "deceits, decoys and/or tricks" to stop, throw off or delay an attacker, disrupt automated malware tools and to detect attacks. Analysts at Technavio estimate the global demand for deception tools to grow at 10% annually to around $1.5 billion by 2021.

Deception tools are basically decoys of real systems that can be deployed at multiple points on the network to keep intruders away from your real assets. They work by getting malicious actors to chase down non-existent targets, luring attackers into traps, and keeping them engaged long enough for security teams to understand their activities. The goal is to confuse and confound attackers to the point where it becomes too hard or too costly for them to pursue a campaign.

Honeypots are a good example of a deception technology. But they are not the only available option, by far. Deception tools these days allow you to deploy decoys for virtually every hardware and software asset on your network. The tools — available from a fairly long and growing list of vendors — can be used to mimic your endpoint systems, servers, network components, applications and real data. From an attacker's perspective, the decoy systems will appear exactly like the real thing down to the operating system and software versions.

In addition to luring attackers away from your real assets, deception tools trick attackers into revealing their hands early. With deception systems, there is no question of false positives and false alerts. Anytime someone hits a decoy system you know it has to be an unfriendly actor because there is no reason for a legitimate user to want to access it. You can then either choose to shut down the attackers more quickly, or observe their moves and see what you can learn about the tactics, techniques and procedures.

Deception products can supplement the capabilities of your existing portfolio of security controls. They are not primarily designed to stop attacks from happening. Virtually no existing security tool or control can guarantee against a breach. Instead, deception tools can help you quickly and reliably spot intruders who have managed to penetrate your outer defenses in order to prevent them from moving laterally inside your network. That is a critical capability to have at a time when attackers have shown a growing ability to breach perimeter defenses and lie hidden on enterprise networks for extended periods of time. 

Laurence Pitt is the Strategic Director for Security with Juniper Networks' marketing organization in EMEA. He has over twenty years' experience of cyber security, having started out in systems design and moved through product management in areas from endpoint security to ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31755
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31756
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copie...
CVE-2021-31757
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31758
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31458
PUBLISHED: 2021-05-07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...