Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

11/15/2017
10:00 AM
Ofer Israeli
Ofer Israeli
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Deception Technology: Prevention Reimagined

How state-of-the-art tools make it practical and cost-effective to identify and engage attackers in early lateral movement stages to prevent them from reaching critical systems and data.

In discussions about cyberattacks, "when, not if" has become overused. We all know attacks are going to happen to every organization that depends on the Internet — which of course, is nearly every one. The risk of an attack is always present — and, in fact, malicious actors or software are probably present at most times in most environments.

Not so clear is what companies should do in the face of the ever-present threat. The idea is gaining ground that better security controls, alone, won't solve the problem. Companies that face those facts are making significant shifts in cyber strategy. Some ramp up investment in cyber insurance. Others are sharpening crisis-handling skills so they can respond better on the back side of a successful attack. Every organization must assess its risks and design its own formula.

However, prevention is not dead. While it may not be possible to prevent infiltration, it is possible to prevent the business impact using an approach that looks at the challenge through the attacker's lens and turns his own weapons against him. State-of-the-art deception technologies now make it more practical and cost-effective to put greater emphasis on identifying attacks in progress by identifying and engaging attackers in the early lateral movement stages in order to prevent attackers from ever reaching critical systems and data.

Who should make these investments? Every security leader should be giving these products serious consideration. Deception technology is no longer an "advanced" toolset reserved for the highly skilled. Reaping the benefits does not require an exceptionally mature cybersecurity infrastructure. In fact, in some cases, the organizations that benefit the most are those with serious gaps that need to quickly bolster protection. Because deception has evolved to leverage machine intelligence and automation, they can immediately empower teams of all skill levels to:

  • Improve detection of attacker presence
  • Identify their location in relation to critical systems
  • Accelerate forensic data collection and analysis
  • Improve cyber hygiene by identifying policy violations and advanced persistent threat risk factors so they can be corrected to reduce the attack surface

Proactive defense against advanced persistent threats or may be most urgent for security teams that face the challenge of supporting exceptionally dynamic business environments. The breakneck pace of digital transformation and smart device adoption, the growing dependence most organizations have on a wide range of third-party data-sharing, and proliferation of M&A activity in many industries are just some of the business trends that increase security gaps faster than even the best cyberteams can keep up with.

To enable their businesses to progress with confidence, these CISOs have to find ways of protecting essential assets even with attackers in their midst. For them, deception is not a luxury, a nice-to-have if there's room in the budget. It's a must-have — an essential tool to slow down and disrupt attackers without slowing down and disrupting the business.

Hear Ofer speak about "How to Make Deception Part of Your Cybersecurity Defense Strategy" on November 30 at the INsecurity Conference sponsored by Dark Reading.

 Related Content:

Having pioneered deception-based cybersecurity, founder and CEO of Illusive Networks Ofer Israeli leads the company at the forefront of the next evolution of cyber defense. Prior to establishing illusive networks, Ofer managed development teams based around the globe at ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Oliver.Rochford
50%
50%
Oliver.Rochford,
User Rank: Author
11/16/2017 | 4:27:52 AM
Great article
Deception is definitely coming of age. I have long been a proponent of using these technologies as an active early warning system to identify ongoing breaches early in the kill chain.
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6852
PUBLISHED: 2019-11-20
A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP har...
CVE-2019-6853
PUBLISHED: 2019-11-20
A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server.
CVE-2013-2092
PUBLISHED: 2019-11-20
Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote attackers to inject arbitrary web script or HTML in functions.lib.php.
CVE-2013-2093
PUBLISHED: 2019-11-20
Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands.
CVE-2015-3166
PUBLISHED: 2019-11-20
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as d...