The Use Of Intelligent Deception in Cyber Security

Uploaded on 2016-06-19 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Hackers

Hackers only need to be successful once, while organizations protecting sensitive information need to successfully thwart threats on a daily basis.

While tools that protect a network’s perimeter are undoubtedly an important part of an organization’s security architecture, no solution – whether it’s a firewall or antivirus software – can prevent every attack. This is because it’s not an even fight.

Given that it is virtually a guarantee that someone will make it past the security protecting the perimeter, every organization must have a plan in place to identify external and internal intruders as quick as possible. Unfortunately, this is not what typically transpires.

According to Verizon’s 2016 Data Breach Investigations Report (DBIR), it takes four out of five victims weeks (or even longer) to realize that they have been breached. By that time the hackers are often long gone. So what can be done? By implementing attractive, but realistic decoys, traps and mini-traps inside the organization, it is possible to con, lure and confuse intruders before valuable information is stolen.

How decoys work

Decoys counter sophisticated types of attack by applying techniques that entice attackers, fool and feed them false data, and provide an organization a forensic trail of the attacker’s movements and the option to react before the data is stolen.

Attackers that are able to get through the perimeter of a network are typically shrewd and familiar with the layout of a common corporate network. However, even the most experienced hackers are initially working with a handicap as they are still learning the inner workings of a specific network.

This is a weakness that organizations must exploit quickly by creating a mirage to confuse and lure in the attacker. This deception strategy is similar to what has been used in combat for centuries. Strategically placed decoys in the form of fake equipment and communications confuse the opposition and lure them away from their target, providing the opposition the advantage.

There are many aspects to creating a good decoy strategy, but ultimately, the most important component is making the decoys attractive and believable and placing them in the right locations.

It is also key to distribute the traps and mini-traps in a manner that lures attackers into the decoy. The mini-traps can be cookies, registry values, files, mounted drives, ARP table values – but all have fake credentials and fake data that attackers want and are searching for. However, it is important to make sure they aren’t too good to be true – they must mimic valuable assets that the company really has. Ultimately, the goal should be to trap the intruder within the initial activities.

Setting mini-traps

One of the key challenges in setting mini-traps to lure cybercriminals is to identify the best assets in the organization in which they should be planted. In order to do this, one should scan network traffic and analyze applications being used on each asset and profile the behavior associated with each network asset, and in turn, weigh the risks posed by its access. For example: an asset that never accesses any server in the organization – this is low risk. However, an asset that shows traces of mobile connectivity is high risk. To keep up with increasingly sophisticated cyber-attacks, it is important for IT to get into the mindset of intruders. Decoys are only effective if attackers enter them, and the most powerful mini-trap is useless in a server that’s rarely even used.

To draw attackers in, one need to look through their eyes to truly understand what assets are most attractive and what direction they might take to explore the organization. Once one knows the level of risk associated with each asset, mini-traps can be placed with little overhead and virtually no interference where they’ll be most effective, and ultimately provide the best protection.

Information-Management: 

« FTSE Company Boards Struggle with Cybersecurity Management
Iran Wants To Collect All Social Network Data »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Blueliv

Blueliv

Blueliv is a leading provider of targeted cyber threat information and intelligence. We deliver automated and actionable threat intelligence to protect the enterprise and manage your digital risk.

Intercede

Intercede

Intercede is a cybersecurity company specializing in digital identities, derived credentials and access control, enabling digital trust in a mobile world.

DeviceLock

DeviceLock

DeviceLock is a leading provider of endpoint device/port control and data leak prevention software.

Labris Networks

Labris Networks

Labris Networks specializes in DDoS mitigation, NG Firewall, Unified Threat Management, Centralized Management, Regulatory Compliances and SOC/CERT Services.

Cyber Resilient Energy Delivery Consortium (CREDC)

Cyber Resilient Energy Delivery Consortium (CREDC)

CREDC performs multidisciplinary R&D in support of the Energy Sector Control Systems Working Group’s Roadmap of resilient Energy Delivery Systems (EDS).

IronNet Cybersecurity

IronNet Cybersecurity

IronNet’s product and services provide enterprise-wide security management and visibility of your network, users and assets.

Empiric

Empiric

Empiric is a multi-award winning technology and transformation recruitment agency specialising in data, digital, cloud and security.

Data Security Inc

Data Security Inc

Data Security, Inc. is the leading American manufacturer and supplier of hard drive degaussers, magnetic tape degaussers as well as hard drive and solid state destruction devices.

White & Black

White & Black

White & Black are specialist corporate & technology lawyers based in London & Oxford.

Digital Identification & Authentication Council of Canada (DIACC)

Digital Identification & Authentication Council of Canada (DIACC)

DIACC is a non-profit coalition of public and private sector leaders committed to developing a Canadian framework for digital identification and authentication.

Triaxiom Security

Triaxiom Security

Triaxiom Security offers penetration testing, security audits, and strategic consulting customized to meet your needs.

Vantage Point Security

Vantage Point Security

Vantage Point are specialists in penetration testing and application security with a focus on the industries undergoing rapid digital transformation.

DartPoints

DartPoints

DartPoints helps bridge the digital divide by delivering cloud, colocation, managed services + edge infrastructure.

Accenture

Accenture

Accenture is a leading global professional services company providing a range of strategy, consulting, digital, technology & operations services and solutions including cybersecurity.

Cyrex

Cyrex

Cyrex is a Web3 security and development company. Our mastery over decentralized applications, smart contracts and blockchain will keep you secure across Web3.

PRE Security

PRE Security

PRE Security is leading the transition into the next era of AI cybersecurity with a new model: Predict & Prevent.