Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
2/27/2018
09:00 AM
Laurence Pitt
Laurence Pitt
Partner Perspectives
Connect Directly
Twitter
RSS
50%
50%

Misleading Cyber Foes with Deception Technology

Today's deception products go far beyond the traditional honeypot by catching attackers while they are chasing down non-existent targets inside your networks.

During the Second World War, a unit of the Allied Forces called the Ghost Army used rubber airplanes, inflatable tanks and other props to fool German commanders into thinking they were dealing with a bigger military force than in reality. One of their many subterfuges was to get Axis forces to think an entire Allied Army unit was in a particular area when in fact there was none. Such deception and strategic trickery has been a staple of warfare through history, and is an approach that a growing number of organizations have now begun employing in cyberspace as well.

Gartner defines deception technologies as a class of products that use "deceits, decoys and/or tricks" to stop, throw off or delay an attacker, disrupt automated malware tools and to detect attacks. Analysts at Technavio estimate the global demand for deception tools to grow at 10% annually to around $1.5 billion by 2021.

Deception tools are basically decoys of real systems that can be deployed at multiple points on the network to keep intruders away from your real assets. They work by getting malicious actors to chase down non-existent targets, luring attackers into traps, and keeping them engaged long enough for security teams to understand their activities. The goal is to confuse and confound attackers to the point where it becomes too hard or too costly for them to pursue a campaign.

Honeypots are a good example of a deception technology. But they are not the only available option, by far. Deception tools these days allow you to deploy decoys for virtually every hardware and software asset on your network. The tools — available from a fairly long and growing list of vendors — can be used to mimic your endpoint systems, servers, network components, applications and real data. From an attacker's perspective, the decoy systems will appear exactly like the real thing down to the operating system and software versions.

In addition to luring attackers away from your real assets, deception tools trick attackers into revealing their hands early. With deception systems, there is no question of false positives and false alerts. Anytime someone hits a decoy system you know it has to be an unfriendly actor because there is no reason for a legitimate user to want to access it. You can then either choose to shut down the attackers more quickly, or observe their moves and see what you can learn about the tactics, techniques and procedures.

Deception products can supplement the capabilities of your existing portfolio of security controls. They are not primarily designed to stop attacks from happening. Virtually no existing security tool or control can guarantee against a breach. Instead, deception tools can help you quickly and reliably spot intruders who have managed to penetrate your outer defenses in order to prevent them from moving laterally inside your network. That is a critical capability to have at a time when attackers have shown a growing ability to breach perimeter defenses and lie hidden on enterprise networks for extended periods of time. 

Laurence Pitt is the Strategic Director for Security with Juniper Networks' marketing organization in EMEA. He has over twenty years' experience of cyber security, having started out in systems design and moved through product management in areas from endpoint security to ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: -when I told you that our cyber-defense was from another age
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18934
PUBLISHED: 2019-11-19
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.
CVE-2012-6070
PUBLISHED: 2019-11-19
Falconpl before 0.9.6.9-git20120606 misuses the libcurl API which may allow remote attackers to interfere with security checks.
CVE-2012-6071
PUBLISHED: 2019-11-19
nuSOAP before 0.7.3-5 does not properly check the hostname of a cert.
CVE-2012-6135
PUBLISHED: 2019-11-19
RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.
CVE-2016-10002
PUBLISHED: 2019-11-19
Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used.