The Use Of Intelligent Deception in Cyber Security

Hackers only need to be successful once, while organizations protecting sensitive information need to successfully thwart threats on a daily basis.

While tools that protect a network’s perimeter are undoubtedly an important part of an organization’s security architecture, no solution – whether it’s a firewall or antivirus software – can prevent every attack. This is because it’s not an even fight.

Given that it is virtually guaranteed that someone will make it past the security protecting the perimeter, every organization must have a plan in place to identify external and internal intruders as quickly as possible. Unfortunately, this is not what typically transpires.

According to Verizon’s 2016 Data Breach Investigations Report (DBIR), it takes four out of five victims weeks (or even longer) to realize that they have been breached. By that time the hackers are often long gone. So what can be done? By implementing attractive, but realistic decoys, traps and mini-traps inside the organization, it is possible to con, lure and confuse intruders before valuable information is stolen.

How decoys work

Decoys counter sophisticated types of attack by applying techniques that entice attackers, fool them and feed them false data, and provide an organization with a forensic trail of the attacker’s movements and the option to react before the data is stolen.

Attackers that are able to get through the perimeter of a network are typically shrewd and familiar with the layout of a common corporate network. However, even the most experienced hackers are initially working with a handicap as they are still learning the inner workings of a specific network.

This is a weakness that organizations must exploit quickly by creating a mirage to confuse and lure in the attacker. This deception strategy is similar to what has been used in combat for centuries. Strategically placed decoys in the form of fake equipment and communications confuse the opposition and lure them away from their target, handing the advantage to the side doing the deceiving.

There are many aspects to creating a good decoy strategy, but ultimately, the most important component is making the decoys attractive and believable and placing them in the right locations.

It is also key to distribute the traps and mini-traps in a manner that lures attackers into the decoy. The mini-traps can be cookies, registry values, files, mounted drives or ARP table values – but all carry fake credentials and fake data of the kind attackers want and are searching for. However, it is important to make sure they aren’t too good to be true – they must mimic valuable assets that the company really has. Ultimately, the goal should be to trap the intruder during their initial activities.

Setting mini-traps

One of the key challenges in setting mini-traps to lure cybercriminals is identifying the assets in the organization on which they are best planted. To do this, one should scan network traffic, analyze the applications used on each asset, profile the behavior associated with each network asset and, in turn, weigh the risk posed by access to it. For example, an asset that never accesses any server in the organization is low risk, whereas an asset that shows traces of mobile connectivity is high risk. To keep up with increasingly sophisticated cyber-attacks, it is important for IT to get into the mindset of intruders. Decoys are only effective if attackers enter them, and the most powerful mini-trap is useless on a server that is rarely even used.

To draw attackers in, one needs to look through their eyes to truly understand which assets are most attractive and what direction they might take to explore the organization. Once one knows the level of risk associated with each asset, mini-traps can be placed with little overhead and virtually no interference where they will be most effective, and ultimately provide the best protection.
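The mini-trap idea from the two sections above, as an added example that is not code from the original article: each planted decoy credential is tied to the asset it sits on, and a detector scans authentication logs for any use of a decoy name. The log format, host names, decoy names and sample log lines are all constructed for this example.

```python
# Decoy-credential ("mini-trap") registry and detector (added example, not
# the article's code). A decoy is a fake credential planted on one asset; no
# legitimate process ever uses it, so any login attempt with a decoy username
# is a high-fidelity alert that also names the trap the intruder harvested.
import re
import secrets
from dataclasses import dataclass

# Hypothetical authentication-log format, constructed for this example.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) src=(?P<src>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>\S+)$")

@dataclass(frozen=True)
class Decoy:
    username: str    # fake account name planted on the asset
    planted_on: str  # asset where the trap lives
    trap_type: str   # "file", "registry", "cookie", "mounted drive", ...

def make_decoy(planted_on, trap_type, prefix="svc"):
    """Plausible service-account name with a random per-trap suffix, so a
    later sighting is traceable to the exact asset it was lifted from."""
    return Decoy(f"{prefix}_{secrets.token_hex(3)}", planted_on, trap_type)

def detect(lines, decoys):
    """Scan log lines; return one alert dict per use of a decoy username."""
    by_user = {d.username: d for d in decoys}
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["user"] not in by_user:
            continue  # unparseable, or a real account: not a trap hit
        d = by_user[m["user"]]
        alerts.append({"time": m["ts"], "src": m["src"], "target": m["host"],
                       "decoy": d.username, "harvested_from": d.planted_on,
                       "trap_type": d.trap_type, "result": m["result"]})
    return alerts

def demo():
    # Constructed decoys with fixed names so the run is reproducible.
    decoys = [Decoy("svc_bk_4e1a", "finance-ws-07", "file"),
              Decoy("svc_db_9c02", "hr-ws-12", "registry")]
    log = [  # constructed sample log lines; the last one is deliberately malformed
        "2016-05-02T09:14:01Z host=fileserver src=10.1.4.23 user=jsmith result=success",
        "2016-05-02T09:20:45Z host=db01 src=10.1.7.99 user=svc_db_9c02 result=failure",
        "2016-05-02T09:21:02Z host=db01 src=10.1.7.99 user=svc_db_9c02 result=success",
        "malformed line that the parser should skip"]
    return detect(log, decoys)
```

Both the failed and the successful attempt with the decoy are alerted, since no legitimate login with that name exists; the `harvested_from` field shows which asset the intruder had already reached.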

Information-Management: 
