Threat Intelligence

11/15/2017
10:00 AM
Ofer Israeli
Ofer Israeli
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Deception Technology: Prevention Reimagined

How state-of-the-art tools make it practical and cost-effective to identify and engage attackers in early lateral movement stages to prevent them from reaching critical systems and data.

In discussions about cyberattacks, "when, not if" has become overused. We all know attacks are going to happen to every organization that depends on the Internet — which of course, is nearly every one. The risk of an attack is always present — and, in fact, malicious actors or software are probably present at most times in most environments.

Not so clear is what companies should do in the face of the ever-present threat. The idea is gaining ground that better security controls, alone, won't solve the problem. Companies that face those facts are making significant shifts in cyber strategy. Some ramp up investment in cyber insurance. Others are sharpening crisis-handling skills so they can respond better on the back side of a successful attack. Every organization must assess its risks and design its own formula.

However, prevention is not dead. While it may not be possible to prevent infiltration, it is possible to prevent the business impact using an approach that looks at the challenge through the attacker's lens and turns his own weapons against him. State-of-the-art deception technologies now make it more practical and cost-effective to put greater emphasis on identifying attacks in progress by identifying and engaging attackers in the early lateral movement stages in order to prevent attackers from ever reaching critical systems and data.

Who should make these investments? Every security leader should be giving these products serious consideration. Deception technology is no longer an "advanced" toolset reserved for the highly skilled. Reaping the benefits does not require an exceptionally mature cybersecurity infrastructure. In fact, in some cases, the organizations that benefit the most are those with serious gaps that need to quickly bolster protection. Because deception has evolved to leverage machine intelligence and automation, they can immediately empower teams of all skill levels to:

  • Improve detection of attacker presence
  • Identify their location in relation to critical systems
  • Accelerate forensic data collection and analysis
  • Improve cyber hygiene by identifying policy violations and advanced persistent threat risk factors so they can be corrected to reduce the attack surface

Proactive defense against advanced persistent threats or may be most urgent for security teams that face the challenge of supporting exceptionally dynamic business environments. The breakneck pace of digital transformation and smart device adoption, the growing dependence most organizations have on a wide range of third-party data-sharing, and proliferation of M&A activity in many industries are just some of the business trends that increase security gaps faster than even the best cyberteams can keep up with.

To enable their businesses to progress with confidence, these CISOs have to find ways of protecting essential assets even with attackers in their midst. For them, deception is not a luxury, a nice-to-have if there's room in the budget. It's a must-have — an essential tool to slow down and disrupt attackers without slowing down and disrupting the business.

Hear Ofer speak about "How to Make Deception Part of Your Cybersecurity Defense Strategy" on November 30 at the INsecurity Conference sponsored by Dark Reading.

 Related Content:

Having pioneered deception-based cybersecurity, founder and CEO of Illusive Networks Ofer Israeli leads the company at the forefront of the next evolution of cyber defense. Prior to establishing illusive networks, Ofer managed development teams based around the globe at ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Oliver.Rochford
50%
50%
Oliver.Rochford,
User Rank: Author
11/16/2017 | 4:27:52 AM
Great article
Deception is definitely coming of age. I have long been a proponent of using these technologies as an active early warning system to identify ongoing breaches early in the kill chain.
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading,  12/5/2018
Starwood Breach Reaction Focuses on 4-Year Dwell
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/5/2018
Symantec Intros USB Scanning Tool for ICS Operators
Jai Vijayan, Freelance writer,  12/5/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I guess this answers the question: who's watching the watchers?
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-3988
PUBLISHED: 2018-12-10
Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the...
CVE-2018-10008
PUBLISHED: 2018-12-10
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended...
CVE-2018-10008
PUBLISHED: 2018-12-10
An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyond the duration of the build using the workspace br...
CVE-2018-10008
PUBLISHED: 2018-12-10
A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into Jen...
CVE-2018-10008
PUBLISHED: 2018-12-10
A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.