Threat Intelligence

11/15/2017
10:00 AM
Ofer Israeli
Commentary

Deception Technology: Prevention Reimagined

How state-of-the-art tools make it practical and cost-effective to identify and engage attackers in early lateral movement stages to prevent them from reaching critical systems and data.

In discussions about cyberattacks, "when, not if" has become overused. We all know attacks are going to happen to every organization that depends on the Internet — which of course, is nearly every one. The risk of an attack is always present — and, in fact, malicious actors or software are probably present at most times in most environments.

Not so clear is what companies should do in the face of the ever-present threat. The idea is gaining ground that better security controls, alone, won't solve the problem. Companies that face those facts are making significant shifts in cyber strategy. Some ramp up investment in cyber insurance. Others are sharpening crisis-handling skills so they can respond better on the back side of a successful attack. Every organization must assess its risks and design its own formula.

However, prevention is not dead. While it may not be possible to prevent infiltration, it is possible to prevent the business impact using an approach that looks at the challenge through the attacker's lens and turns his own weapons against him. State-of-the-art deception technologies now make it more practical and cost-effective to put greater emphasis on identifying attacks in progress by identifying and engaging attackers in the early lateral movement stages in order to prevent attackers from ever reaching critical systems and data.

Who should make these investments? Every security leader should be giving these products serious consideration. Deception technology is no longer an "advanced" toolset reserved for the highly skilled. Reaping the benefits does not require an exceptionally mature cybersecurity infrastructure. In fact, in some cases, the organizations that benefit the most are those with serious gaps that need to quickly bolster protection. Because deception tools have evolved to leverage machine intelligence and automation, they can immediately empower teams of all skill levels to:

  • Improve detection of attacker presence
  • Identify their location in relation to critical systems
  • Accelerate forensic data collection and analysis
  • Improve cyber hygiene by identifying policy violations and advanced persistent threat risk factors so they can be corrected to reduce the attack surface

Proactive defense against advanced persistent threats may be most urgent for security teams that face the challenge of supporting exceptionally dynamic business environments. The breakneck pace of digital transformation and smart device adoption, the growing dependence most organizations have on a wide range of third-party data-sharing, and the proliferation of M&A activity in many industries are just some of the business trends that increase security gaps faster than even the best cyberteams can keep up with.

To enable their businesses to progress with confidence, these CISOs have to find ways of protecting essential assets even with attackers in their midst. For them, deception is not a luxury, a nice-to-have if there's room in the budget. It's a must-have — an essential tool to slow down and disrupt attackers without slowing down and disrupting the business.

Hear Ofer speak about "How to Make Deception Part of Your Cybersecurity Defense Strategy" on November 30 at the INsecurity Conference sponsored by Dark Reading.

Having pioneered deception-based cybersecurity, founder and CEO of Illusive Networks Ofer Israeli leads the company at the forefront of the next evolution of cyber defense. Prior to establishing illusive networks, Ofer managed development teams based around the globe at ...
Comments
Oliver.Rochford,
User Rank: Author
11/16/2017 | 4:27:52 AM
Great article
Deception is definitely coming of age. I have long been a proponent of using these technologies as an active early warning system to identify ongoing breaches early in the kill chain.