Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
2/27/2018
09:00 AM
Laurence Pitt
Laurence Pitt
Partner Perspectives
Connect Directly
Twitter
RSS
50%
50%

Misleading Cyber Foes with Deception Technology

Today's deception products go far beyond the traditional honeypot by catching attackers while they are chasing down non-existent targets inside your networks.

During the Second World War, a unit of the Allied Forces called the Ghost Army used rubber airplanes, inflatable tanks and other props to fool German commanders into thinking they were dealing with a bigger military force than in reality. One of their many subterfuges was to get Axis forces to think an entire Allied Army unit was in a particular area when in fact there was none. Such deception and strategic trickery has been a staple of warfare through history, and is an approach that a growing number of organizations have now begun employing in cyberspace as well.

Gartner defines deception technologies as a class of products that use "deceits, decoys and/or tricks" to stop, throw off or delay an attacker, disrupt automated malware tools and to detect attacks. Analysts at Technavio estimate the global demand for deception tools to grow at 10% annually to around $1.5 billion by 2021.

Deception tools are basically decoys of real systems that can be deployed at multiple points on the network to keep intruders away from your real assets. They work by getting malicious actors to chase down non-existent targets, luring attackers into traps, and keeping them engaged long enough for security teams to understand their activities. The goal is to confuse and confound attackers to the point where it becomes too hard or too costly for them to pursue a campaign.

Honeypots are a good example of a deception technology. But they are not the only available option, by far. Deception tools these days allow you to deploy decoys for virtually every hardware and software asset on your network. The tools — available from a fairly long and growing list of vendors — can be used to mimic your endpoint systems, servers, network components, applications and real data. From an attacker's perspective, the decoy systems will appear exactly like the real thing down to the operating system and software versions.

In addition to luring attackers away from your real assets, deception tools trick attackers into revealing their hands early. With deception systems, there is no question of false positives and false alerts. Anytime someone hits a decoy system you know it has to be an unfriendly actor because there is no reason for a legitimate user to want to access it. You can then either choose to shut down the attackers more quickly, or observe their moves and see what you can learn about the tactics, techniques and procedures.

Deception products can supplement the capabilities of your existing portfolio of security controls. They are not primarily designed to stop attacks from happening. Virtually no existing security tool or control can guarantee against a breach. Instead, deception tools can help you quickly and reliably spot intruders who have managed to penetrate your outer defenses in order to prevent them from moving laterally inside your network. That is a critical capability to have at a time when attackers have shown a growing ability to breach perimeter defenses and lie hidden on enterprise networks for extended periods of time. 

Laurence Pitt is the Strategic Director for Security with Juniper Networks' marketing organization in EMEA. He has over twenty years' experience of cyber security, having started out in systems design and moved through product management in areas from endpoint security to ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6507
PUBLISHED: 2019-01-22
An issue was discovered in creditease-sec insight through 2018-09-11. login_user_delete in srcpm/app/admin/views.py allows CSRF.
CVE-2019-6508
PUBLISHED: 2019-01-22
An issue was discovered in creditease-sec insight through 2018-09-11. role_perm_delete in srcpm/app/admin/views.py allows CSRF.
CVE-2019-6509
PUBLISHED: 2019-01-22
An issue was discovered in creditease-sec insight through 2018-09-11. depart_delete in srcpm/app/admin/views.py allows CSRF.
CVE-2019-6510
PUBLISHED: 2019-01-22
An issue was discovered in creditease-sec insight through 2018-09-11. user_delete in srcpm/app/admin/views.py allows CSRF.
CVE-2017-6922
PUBLISHED: 2019-01-22
In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not pr...