Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
2/27/2018
09:00 AM
Laurence Pitt
Laurence Pitt
Partner Perspectives
Connect Directly
Twitter
RSS
50%
50%

Misleading Cyber Foes with Deception Technology

Today's deception products go far beyond the traditional honeypot by catching attackers while they are chasing down non-existent targets inside your networks.

During the Second World War, a unit of the Allied Forces called the Ghost Army used rubber airplanes, inflatable tanks and other props to fool German commanders into thinking they were dealing with a bigger military force than in reality. One of their many subterfuges was to get Axis forces to think an entire Allied Army unit was in a particular area when in fact there was none. Such deception and strategic trickery has been a staple of warfare through history, and is an approach that a growing number of organizations have now begun employing in cyberspace as well.

Gartner defines deception technologies as a class of products that use "deceits, decoys and/or tricks" to stop, throw off or delay an attacker, disrupt automated malware tools and to detect attacks. Analysts at Technavio estimate the global demand for deception tools to grow at 10% annually to around $1.5 billion by 2021.

Deception tools are basically decoys of real systems that can be deployed at multiple points on the network to keep intruders away from your real assets. They work by getting malicious actors to chase down non-existent targets, luring attackers into traps, and keeping them engaged long enough for security teams to understand their activities. The goal is to confuse and confound attackers to the point where it becomes too hard or too costly for them to pursue a campaign.

Honeypots are a good example of a deception technology. But they are not the only available option, by far. Deception tools these days allow you to deploy decoys for virtually every hardware and software asset on your network. The tools — available from a fairly long and growing list of vendors — can be used to mimic your endpoint systems, servers, network components, applications and real data. From an attacker's perspective, the decoy systems will appear exactly like the real thing down to the operating system and software versions.

In addition to luring attackers away from your real assets, deception tools trick attackers into revealing their hands early. With deception systems, there is no question of false positives and false alerts. Anytime someone hits a decoy system you know it has to be an unfriendly actor because there is no reason for a legitimate user to want to access it. You can then either choose to shut down the attackers more quickly, or observe their moves and see what you can learn about the tactics, techniques and procedures.

Deception products can supplement the capabilities of your existing portfolio of security controls. They are not primarily designed to stop attacks from happening. Virtually no existing security tool or control can guarantee against a breach. Instead, deception tools can help you quickly and reliably spot intruders who have managed to penetrate your outer defenses in order to prevent them from moving laterally inside your network. That is a critical capability to have at a time when attackers have shown a growing ability to breach perimeter defenses and lie hidden on enterprise networks for extended periods of time. 

Laurence Pitt is the Strategic Director for Security with Juniper Networks' marketing organization in EMEA. He has over twenty years' experience of cyber security, having started out in systems design and moved through product management in areas from endpoint security to ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12242
PUBLISHED: 2018-09-19
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network.
CVE-2018-12243
PUBLISHED: 2018-09-19
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths i...
CVE-2018-14792
PUBLISHED: 2018-09-19
WECON PLC Editor version 1.3.3U may allow an attacker to execute code under the current process when processing project files.
CVE-2018-16607
PUBLISHED: 2018-09-19
Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field.
CVE-2018-16785
PUBLISHED: 2018-09-19
XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell