Artificial intelligence and machine learning may be the rising force for security defenses, but deception technology—often used as misinformation during warfare or camouflage in battle or nature—has powerful properties without the mathematical complexity.
Phishing, social engineering and drive-by attacks often use deception to lure users to click, open and enable multi-stage attacks, so deception technology is a natural defense.
Here are five ways deception can change cybersecurity defenses for the better.
1. New and enhanced focus over prevention
Prevention has been the primary cyber defense for decades with firewalls, anti-virus and patching. As perimeters fade and more than half of attacks do not use malware, our ability to improve detection of external intruders, malware and insiders becomes a new focus.
Often measured as dwell time or mean time to detect (MTTD), the numbers show intruders hiding in our networks for days and months. Knowing what attackers desire creates the opportunity for deception to lure, detect and defend against attacks that evade preventive defenses.
2. Early post-breach detection
Capture-the-flag and red-versus-blue-team exercises teach us that the months and days are really hours and minutes: that is how fast an attacker can learn a new environment and lower their noise level.
Attackers are most vulnerable when they first enter a network and compromise a foothold system, which makes early post-breach detection critical. Deception defenses provide an advantage: breadcrumbs placed on real assets lure attackers, upon entry, to decoys where they can be detected and stopped.
3. Fewer false positives, less friction and low risk
Alert fatigue, false positives and dead ends waste critical time and resources in security operations, if the alerts are analyzed at all. The noise factor is too high, and deception is a breath of fresh air with high-fidelity alerts and few false positives.
Deception is also low risk: it is invisible to users, has no impact on operations, and puts no data or resources at risk. When an attacker accesses or uses any part of a deception layer, the alert is real and needs immediate attention, and the deception telemetry provides the details required to respond.
4. Scale automation without adding resources
Very few security teams get annual budget increases and new headcount; they must protect and serve more effectively and efficiently year over year with the status quo.
Deception with automation can scale: it discovers networks, profiles assets, auto-generates and deploys decoys, and adapts deception layers to changing environments. Automation takes away the manual effort, enabling a tier-one security analyst to operate deception defenses in less than one hour per day.
5. Detection for IoT, legacy systems, healthcare, etc.
When possible, having a security agent on devices provides optimal on- and off-the-grid protection to prevent and detect. However, not all devices can run security agents, due to a lack of memory, firmware limitations, missing manufacturer support or a host of other reasons.
Deception changes cybersecurity by providing unique breadcrumbs and decoys for legacy systems, industry-specific environments and devices, and the Internet of Things (IoT), where low cost often precludes built-in security features.
Deploy the decoys
With decoys you can immediately change your cybersecurity defenses for the better, but with today’s threat landscape, organizations must continually ask themselves: “Once inside, what does an attacker access or use to alert us?”
Deception technology helps answer that question. It enables you to detect threats and data leakage attempts faster and more effectively with automated investigation and response, ultimately giving you the ability to terminate an attack in progress.
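As an added example (not code from the original article or any vendor product), the following Python script shows the detection side of sections 2 and 3 and answers the closing question: an inventory of planted deception artifacts is matched against constructed log lines, and any access to one of them becomes a high-fidelity alert carrying the telemetry an analyst needs to pivot. The artifact names, log formats and regexes are hypothetical.

```python
import re
from collections import Counter, namedtuple

# Deception inventory (constructed). Each key is the exact string an attacker has
# to use: a decoy account planted in a config file, a decoy host that answers on
# the network, a decoy share visible in a listing. No real workflow references them.
DECEPTION_ARTIFACTS = {
    "svc-backup-legacy": "decoy credential",
    "decoy-db02": "decoy host",
    "//fs01/Finance_Archive": "decoy share",
}

# Two log shapes a SIEM might forward (both formats are hypothetical): syslog-style
# sshd auth lines, and a generic share-access record.
SSH_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?:Accepted|Failed) \w+ for "
                    r"(?P<user>\S+) from (?P<src>\S+)")
SHARE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) share_access user=(?P<user>\S+) "
                      r"src=(?P<src>\S+) path=(?P<path>\S+)")

Alert = namedtuple("Alert", "ts artifact kind user src evidence")

def detect(lines):
    """Return one Alert per log line that touches a deception artifact. A failed
    login with a decoy account still alerts: the name itself is the breadcrumb."""
    alerts = []
    for line in lines:
        m = SSH_RE.match(line) or SHARE_RE.match(line)
        if not m:
            continue
        f = m.groupdict()
        # The account, the host that logged the event, and the share path (if any)
        # are the fields that can name an artifact.
        for value in (f["user"], f["host"], f.get("path")):
            kind = DECEPTION_ARTIFACTS.get(value)
            if kind:
                alerts.append(Alert(f["ts"], value, kind, f["user"], f["src"], line))
                break  # one alert per line; the raw line is kept as evidence
    return alerts

def pivot_by_source(alerts):
    """Artifacts touched per source IP: the first pivot an analyst needs."""
    return dict(Counter(a.src for a in alerts))

SAMPLE_LOG = [  # constructed: one benign line per format, three attacker lines
    "2024-05-01T09:12:03Z fileserver01 sshd[4120]: Accepted password for alice from 10.10.2.15 port 51122 ssh2",
    "2024-05-01T09:14:47Z fileserver01 sshd[4131]: Failed password for svc-backup-legacy from 10.10.2.77 port 40211 ssh2",
    "2024-05-01T09:15:02Z decoy-db02 sshd[8821]: Accepted password for root from 10.10.2.77 port 40300 ssh2",
    "2024-05-01T09:16:10Z fileserver01 share_access user=bob src=10.10.2.77 path=//fs01/Finance_Archive",
    "2024-05-01T09:16:30Z fileserver01 share_access user=alice src=10.10.2.15 path=//fs01/Public",
]
```

Running detect(SAMPLE_LOG) yields three alerts, all from 10.10.2.77, while the two benign lines produce none; that zero-noise property is what the article means by high-fidelity alerts.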