The Use Of Intelligent Deception in Cyber Security

Uploaded on 2016-06-19 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Hackers

Hackers only need to be successful once, while organizations protecting sensitive information need to successfully thwart threats on a daily basis.

While tools that protect a network’s perimeter are undoubtedly an important part of an organization’s security architecture, no solution – whether it’s a firewall or antivirus software – can prevent every attack. This is because it’s not an even fight.

Given that it is virtually a guarantee that someone will make it past the security protecting the perimeter, every organization must have a plan in place to identify external and internal intruders as quick as possible. Unfortunately, this is not what typically transpires.

According to Verizon’s 2016 Data Breach Investigations Report (DBIR), it takes four out of five victims weeks (or even longer) to realize that they have been breached. By that time the hackers are often long gone. So what can be done? By implementing attractive, but realistic decoys, traps and mini-traps inside the organization, it is possible to con, lure and confuse intruders before valuable information is stolen.

How decoys work

Decoys counter sophisticated types of attack by applying techniques that entice attackers, fool and feed them false data, and provide an organization a forensic trail of the attacker’s movements and the option to react before the data is stolen.

Attackers that are able to get through the perimeter of a network are typically shrewd and familiar with the layout of a common corporate network. However, even the most experienced hackers are initially working with a handicap as they are still learning the inner workings of a specific network.

This is a weakness that organizations must exploit quickly by creating a mirage to confuse and lure in the attacker. This deception strategy is similar to what has been used in combat for centuries. Strategically placed decoys in the form of fake equipment and communications confuse the opposition and lure them away from their target, providing the opposition the advantage.

There are many aspects to creating a good decoy strategy, but ultimately, the most important component is making the decoys attractive and believable and placing them in the right locations.

It is also key to distribute the traps and mini-traps in a manner that lures attackers into the decoy. The mini-traps can be cookies, registry values, files, mounted drives, ARP table values – but all have fake credentials and fake data that attackers want and are searching for. However, it is important to make sure they aren’t too good to be true – they must mimic valuable assets that the company really has. Ultimately, the goal should be to trap the intruder within the initial activities.

Setting mini-traps

One of the key challenges in setting mini-traps to lure cybercriminals is to identify the best assets in the organization in which they should be planted. In order to do this, one should scan network traffic and analyze applications being used on each asset and profile the behavior associated with each network asset, and in turn, weigh the risks posed by its access. For example: an asset that never accesses any server in the organization – this is low risk. However, an asset that shows traces of mobile connectivity is high risk. To keep up with increasingly sophisticated cyber-attacks, it is important for IT to get into the mindset of intruders. Decoys are only effective if attackers enter them, and the most powerful mini-trap is useless in a server that’s rarely even used.

To draw attackers in, one need to look through their eyes to truly understand what assets are most attractive and what direction they might take to explore the organization. Once one knows the level of risk associated with each asset, mini-traps can be placed with little overhead and virtually no interference where they’ll be most effective, and ultimately provide the best protection.

Information-Management: 

« FTSE Company Boards Struggle with Cybersecurity Management
Iran Wants To Collect All Social Network Data »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CDW

CDW

CDW is a leading multi-brand provider of information technology solutions to business, government, education and healthcare customers in the United States, the United Kingdom and Canada.

Equilibrium Security Services

Equilibrium Security Services

Equilibrium Security Services is a specialist cyber security company providing a full spectrum of IT security solutions from consultancy to design & implementation and managed security services.

Introspective Networks

Introspective Networks

Introspective Networks (IN) is a Cybersecurity company focusing on securing data in the network and automating knowledge work to decrease vulnerability points to critical infrastructure.

ESTsecurity

ESTsecurity

ESTsecurity is a leading company in cyber security providing intelligent security solutions to make world more secure.

California Cybersecurity Institute (CCI) - Cal poly

California Cybersecurity Institute (CCI) - Cal poly

The CCI provides a hands-on research and learning environment to explore new cyber technologies and train and test tactics alongside law enforcement and cyberforensics experts.

Resec Technologies

Resec Technologies

Resec provides total protection against all types of known and unknown malware threats including viruses, Trojans, ransomware and phishing, regardless of their delivery method.

SpyCloud

SpyCloud

SpyCloud is a leader in account takeover (ATO) prevention, protecting billions of consumer and employee accounts either directly or through product integrations.

IT Band Systems

IT Band Systems

IT Band Systems is an international provider of IT products and services including web server monitoring and web security consulting.

Titan Labs

Titan Labs

Titan Labs is a Cyber Security Consultancy that provides advice and technical expertise to government, international finance and telecommunications providers.

CYSIAM

CYSIAM

CYSIAM provides world-leading expertise in offensive security and critical incident response. We train our clients to be able to protect themselves and respond to attacks and breaches when they occur.

CloudScale365

CloudScale365

CloudScale365 offers state-of-the-art managed IT services and cloud, hosting, security, and business continuity solutions.

BlueCat Networks

BlueCat Networks

BlueCat is the Adaptive DNS company. Our mission is to help the world’s largest organizations thrive on network complexity, from the edge to the core.

Amyna Systems

Amyna Systems

Amyna has developed an IoT cybersecurity platform that prevents malignant attacks, helping users to protect themselves from cyberattacks.

TeamT5

TeamT5

TeamT5 Inc. is a leading cybersecurity company dedicated to cyber threat research and solutions.

Cyberscope

Cyberscope

Cyberscope is a Web3 security firm specializing in smart contract audits, crypto security audits, and blockchain vulnerability assessments.

Mitigata

Mitigata

Welcome to Mitigata, your premier partner in cybersecurity insurance, defence, compliance, and consultancy.