Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

11/15/2017
10:00 AM
Ofer Israeli
Ofer Israeli
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Deception Technology: Prevention Reimagined

How state-of-the-art tools make it practical and cost-effective to identify and engage attackers in early lateral movement stages to prevent them from reaching critical systems and data.

In discussions about cyberattacks, "when, not if" has become overused. We all know attacks are going to happen to every organization that depends on the Internet — which of course, is nearly every one. The risk of an attack is always present — and, in fact, malicious actors or software are probably present at most times in most environments.

Not so clear is what companies should do in the face of the ever-present threat. The idea is gaining ground that better security controls, alone, won't solve the problem. Companies that face those facts are making significant shifts in cyber strategy. Some ramp up investment in cyber insurance. Others are sharpening crisis-handling skills so they can respond better on the back side of a successful attack. Every organization must assess its risks and design its own formula.

However, prevention is not dead. While it may not be possible to prevent infiltration, it is possible to prevent the business impact using an approach that looks at the challenge through the attacker's lens and turns his own weapons against him. State-of-the-art deception technologies now make it more practical and cost-effective to put greater emphasis on identifying attacks in progress by identifying and engaging attackers in the early lateral movement stages in order to prevent attackers from ever reaching critical systems and data.

Who should make these investments? Every security leader should be giving these products serious consideration. Deception technology is no longer an "advanced" toolset reserved for the highly skilled. Reaping the benefits does not require an exceptionally mature cybersecurity infrastructure. In fact, in some cases, the organizations that benefit the most are those with serious gaps that need to quickly bolster protection. Because deception has evolved to leverage machine intelligence and automation, they can immediately empower teams of all skill levels to:

  • Improve detection of attacker presence
  • Identify their location in relation to critical systems
  • Accelerate forensic data collection and analysis
  • Improve cyber hygiene by identifying policy violations and advanced persistent threat risk factors so they can be corrected to reduce the attack surface

Proactive defense against advanced persistent threats or may be most urgent for security teams that face the challenge of supporting exceptionally dynamic business environments. The breakneck pace of digital transformation and smart device adoption, the growing dependence most organizations have on a wide range of third-party data-sharing, and proliferation of M&A activity in many industries are just some of the business trends that increase security gaps faster than even the best cyberteams can keep up with.

To enable their businesses to progress with confidence, these CISOs have to find ways of protecting essential assets even with attackers in their midst. For them, deception is not a luxury, a nice-to-have if there's room in the budget. It's a must-have — an essential tool to slow down and disrupt attackers without slowing down and disrupting the business.

Hear Ofer speak about "How to Make Deception Part of Your Cybersecurity Defense Strategy" on November 30 at the INsecurity Conference sponsored by Dark Reading.

 Related Content:

Having pioneered deception-based cybersecurity, founder and CEO of Illusive Networks Ofer Israeli leads the company at the forefront of the next evolution of cyber defense. Prior to establishing illusive networks, Ofer managed development teams based around the globe at ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Oliver.Rochford
50%
50%
Oliver.Rochford,
User Rank: Author
11/16/2017 | 4:27:52 AM
Great article
Deception is definitely coming of age. I have long been a proponent of using these technologies as an active early warning system to identify ongoing breaches early in the kill chain.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark Reading,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16137
PUBLISHED: 2020-08-12
** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to reset the credentials for the SSH administrative console to arbitrary values. Note: We cannot prove this vulnerability exists. Out of an abundance of ...
CVE-2020-16138
PUBLISHED: 2020-08-12
** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to remotely disable the device until it is power cycled. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being ...
CVE-2020-16139
PUBLISHED: 2020-08-12
** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers restart the device remotely through sending specially crafted packets. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE i...
CVE-2020-16186
PUBLISHED: 2020-08-12
A stored Cross-site scripting (XSS) vulnerability in Firco Continuity 6.2.0.0 allows remote unauthenticated attackers to inject arbitrary web script or HTML through the username field of the login page.
CVE-2020-8904
PUBLISHED: 2020-08-12
An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function fails to validate the range of the output_len pointer, an attacker can manipulate the tmp_output_len value and write to an arbitrary location in the trusted (en...