The Use Of Intelligent Deception in Cyber Security

Uploaded on 2016-06-19 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Hackers

Hackers only need to be successful once, while organizations protecting sensitive information need to successfully thwart threats on a daily basis.

While tools that protect a network’s perimeter are undoubtedly an important part of an organization’s security architecture, no solution – whether it’s a firewall or antivirus software – can prevent every attack. This is because it’s not an even fight.

Given that it is virtually a guarantee that someone will make it past the security protecting the perimeter, every organization must have a plan in place to identify external and internal intruders as quick as possible. Unfortunately, this is not what typically transpires.

According to Verizon’s 2016 Data Breach Investigations Report (DBIR), it takes four out of five victims weeks (or even longer) to realize that they have been breached. By that time the hackers are often long gone. So what can be done? By implementing attractive, but realistic decoys, traps and mini-traps inside the organization, it is possible to con, lure and confuse intruders before valuable information is stolen.

How decoys work

Decoys counter sophisticated types of attack by applying techniques that entice attackers, fool and feed them false data, and provide an organization a forensic trail of the attacker’s movements and the option to react before the data is stolen.

Attackers that are able to get through the perimeter of a network are typically shrewd and familiar with the layout of a common corporate network. However, even the most experienced hackers are initially working with a handicap as they are still learning the inner workings of a specific network.

This is a weakness that organizations must exploit quickly by creating a mirage to confuse and lure in the attacker. This deception strategy is similar to what has been used in combat for centuries. Strategically placed decoys in the form of fake equipment and communications confuse the opposition and lure them away from their target, providing the opposition the advantage.

There are many aspects to creating a good decoy strategy, but ultimately, the most important component is making the decoys attractive and believable and placing them in the right locations.

It is also key to distribute the traps and mini-traps in a manner that lures attackers into the decoy. The mini-traps can be cookies, registry values, files, mounted drives, ARP table values – but all have fake credentials and fake data that attackers want and are searching for. However, it is important to make sure they aren’t too good to be true – they must mimic valuable assets that the company really has. Ultimately, the goal should be to trap the intruder within the initial activities.

Setting mini-traps

One of the key challenges in setting mini-traps to lure cybercriminals is to identify the best assets in the organization in which they should be planted. In order to do this, one should scan network traffic and analyze applications being used on each asset and profile the behavior associated with each network asset, and in turn, weigh the risks posed by its access. For example: an asset that never accesses any server in the organization – this is low risk. However, an asset that shows traces of mobile connectivity is high risk. To keep up with increasingly sophisticated cyber-attacks, it is important for IT to get into the mindset of intruders. Decoys are only effective if attackers enter them, and the most powerful mini-trap is useless in a server that’s rarely even used.

To draw attackers in, one need to look through their eyes to truly understand what assets are most attractive and what direction they might take to explore the organization. Once one knows the level of risk associated with each asset, mini-traps can be placed with little overhead and virtually no interference where they’ll be most effective, and ultimately provide the best protection.

Information-Management: 

« FTSE Company Boards Struggle with Cybersecurity Management
Iran Wants To Collect All Social Network Data »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Virus Bulletin

Virus Bulletin

Virus Bulletin is an online security information portal and certification body, providing users with independent intelligence about the latest developments in the global threat landscape.

IS Decisions

IS Decisions

IS Decisions builds affordable and easy-to-use Access Management software solutions, allowing IT teams to effectively secure access to Active Directory infrastructures, SaaS apps and data within.

Ministry of Defence Georgia - Cyber Security Bureau

Ministry of Defence Georgia - Cyber Security Bureau

The aim of the Cyber Security Bureau is to establish and develop stable, effective and secure Information and Communication Technology systems for the Civil Office of MoD of Georgia.

Resource Centre for Cyber Forensics (RCCF)

Resource Centre for Cyber Forensics (RCCF)

RCCF is a pioneering institute, pursuing research activities in the area of Cyber Forensics.

SecurityScorecard

SecurityScorecard

SecurityScorecard provides the most accurate security ratings & continuous risk monitoring for vendor and third party risk management.

Datacom Systems

Datacom Systems

Datacom Systems is a leading manufacturer of network visibility solutions.

Netresec

Netresec

Netresec is an independent software vendor with focus on the network security field. We specialize in software for network forensics and analysis of network traffic.

Cybernetic Global Intelligence (CGI)

Cybernetic Global Intelligence (CGI)

CGI is a global IT Security firm that helps companies protect their data and minimize their vulnerability to cyber threats through a range of services such as Security Audits and Managed Services.

Silverfort

Silverfort

Silverfort introduces the first security platform enabling adaptive authentication and identity theft prevention for sensitive user, device and resource throughout the entire organization.

LSoft Technologies

LSoft Technologies

LSoft Technologies is a leader in data recovery software technologies.

SecureAge Technology

SecureAge Technology

We’re a rapidly growing cybersecurity company with an 18-year history of ZERO Data breaches. Our security solutions place security and usability on equal footing. Learn more about our technology.

Involta

Involta

Involta orchestrates IT transformation journeys using well-defined and rigorous processes to deliver hybrid cloud solutions, consulting and data center services tailored to our clients’ needs.

B2Bcert

B2Bcert

B2BCERT one of the top companies offering ISO 9001, ISO 14001, ISO 45001, ISO 22000, ISO 27001, ISO 20000,CE Marking, HACCP, and other globally accepted standards and Management solutions.

Relatech

Relatech

Relatech is a Digital Enabler Solution Knowledge (D.E.S.K.) Company that offers digital services and solutions dedicated to the digital transformation of businesses.

PriorityZero

PriorityZero

PriorityZero is a European company focused on remote security assessments and consulting services that operates on a global scale.

Secure Domains

Secure Domains

Secure Domains is the first company in the GCC to offer cloud-based DNS firewall services and security through its flagship SaaS product, DNS Armor.