The Use Of Intelligent Deception in Cyber Security

Hackers only need to be successful once, while organizations protecting sensitive information need to successfully thwart threats on a daily basis.

While tools that protect a network’s perimeter are undoubtedly an important part of an organization’s security architecture, no solution – whether it’s a firewall or antivirus software – can prevent every attack. This is because it’s not an even fight.

Given that it is virtually a guarantee that someone will make it past the security protecting the perimeter, every organization must have a plan in place to identify external and internal intruders as quick as possible. Unfortunately, this is not what typically transpires.

According to Verizon’s 2016 Data Breach Investigations Report (DBIR), it takes four out of five victims weeks (or even longer) to realize that they have been breached. By that time the hackers are often long gone. So what can be done? By implementing attractive, but realistic decoys, traps and mini-traps inside the organization, it is possible to con, lure and confuse intruders before valuable information is stolen.

How decoys work

Decoys counter sophisticated types of attack by applying techniques that entice attackers, fool and feed them false data, and provide an organization a forensic trail of the attacker’s movements and the option to react before the data is stolen.

Attackers that are able to get through the perimeter of a network are typically shrewd and familiar with the layout of a common corporate network. However, even the most experienced hackers are initially working with a handicap as they are still learning the inner workings of a specific network.

This is a weakness that organizations must exploit quickly by creating a mirage to confuse and lure in the attacker. This deception strategy is similar to what has been used in combat for centuries. Strategically placed decoys in the form of fake equipment and communications confuse the opposition and lure them away from their target, providing the opposition the advantage.

There are many aspects to creating a good decoy strategy, but ultimately, the most important component is making the decoys attractive and believable and placing them in the right locations.

It is also key to distribute the traps and mini-traps in a manner that lures attackers into the decoy. The mini-traps can be cookies, registry values, files, mounted drives, ARP table values – but all have fake credentials and fake data that attackers want and are searching for. However, it is important to make sure they aren’t too good to be true – they must mimic valuable assets that the company really has. Ultimately, the goal should be to trap the intruder within the initial activities.

Setting mini-traps

One of the key challenges in setting mini-traps to lure cybercriminals is to identify the best assets in the organization in which they should be planted. In order to do this, one should scan network traffic and analyze applications being used on each asset and profile the behavior associated with each network asset, and in turn, weigh the risks posed by its access. For example: an asset that never accesses any server in the organization – this is low risk. However, an asset that shows traces of mobile connectivity is high risk. To keep up with increasingly sophisticated cyber-attacks, it is important for IT to get into the mindset of intruders. Decoys are only effective if attackers enter them, and the most powerful mini-trap is useless in a server that’s rarely even used.

To draw attackers in, one need to look through their eyes to truly understand what assets are most attractive and what direction they might take to explore the organization. Once one knows the level of risk associated with each asset, mini-traps can be placed with little overhead and virtually no interference where they’ll be most effective, and ultimately provide the best protection.

Information-Management: 

« FTSE Company Boards Struggle with Cybersecurity Management
Iran Wants To Collect All Social Network Data »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Security Magazine

Security Magazine

Security, the business magazine for security executives, focuses on management issues facing top security professionals and effective solutions being employed, both physical and cyber.

Kaseya

Kaseya

Kaseya is a premier provider of unified IT management and security software for managed service providers (MSPs) and small to medium-sized businesses (SMBS).

Qolcom

Qolcom

Qolcom is a leading UK based integrator of secure wireless network and mobile device management solutions.

Paladion

Paladion

Paladion is a provider of managed IT security services.

ACI Solutions

ACI Solutions

ACI Solutions is a managed IT services and network security provider working with diverse global commercial, government and public sector clients.

Cradlepoint

Cradlepoint

With Cradlepoint customers leverage the speed and economics of wired and wireless Internet broadband for branch, mobile, and IoT networks while maintaining end-to-end visibility, security and control.

Digittrade

Digittrade

Digittrade develop and produce external encrypted hard disks and secure communications apps.

Infosistem

Infosistem

Infosistem is a Croatian ICT company with extensive expertise and experience in enterprise and SMB ICT projects and solutions.

TechStak

TechStak

TechStak is the easiest way for businesses to find and connect with IT Pros and other technology solution providers in their area.

Basque Digital Innovation Hub (BDIH)

Basque Digital Innovation Hub (BDIH)

The aim of the BDIH initiative is to provide industrial enterprises, especially SMEs, with the technological capabilities needed to meet the challenges of industry 4.0.

Injazat

Injazat

Injazat Data Systems is an industry recognized market leader in the Gulf region for Information Technology, Data Center and Managed Services.

Sovrin Foundation

Sovrin Foundation

The Sovrin Foundation is a private-sector, international non-profit that was established to govern the world's first self-sovereign identity (SSI) network.

BreachQuest

BreachQuest

BreachQuest brings together cybersecurity experts with decades of experience identifying security flaws, penetrating networks, and responding to incidents.

HiScout

HiScout

HiScout is your integrated management system for IT governance, risk & compliance.

Nomios

Nomios

Nomios develops innovative solutions for your security and network challenges. We design, secure and manage your digital infrastructure.

Pessimistic Security

Pessimistic Security

The team behind Pessimistic helps blockchain startups meet modern security challenges since 2017.

Onyxia Cyber

Onyxia Cyber

Onyxia's unique dynamic cybersecurity platform identifies gaps and prioritizes recommendations for proactive cybersecurity strategy, performance, remediation and management.

Advanced IT

Advanced IT

Reliable managed IT Security & support services that will help you take your business operations to the next level without breaking the bank!