secure tablet

How Deception Technology Can Help You Detect Threats Early

Deploying automated decoys can help protect your network and reduce IT costs.

Deception is a frequently used tactic in both defensive and offensive strategies, from chess to duck hunting, and a tool that many security professionals have been using for years. Initially, when deception was used in network defense, it involved a human carefully interacting with an infiltrator to make them believe that they had achieved access to restricted data and to keep them occupied until the threat could be contained. Today, however, technological advancements have eliminated the need for direct human interaction and have increased the believability of decoys.

What Is Deception Technology?

Deception technology is the integration of deception tactics into security tools and automation, meant to attract intruders away from real assets and trap or detain them in areas modeled after real storage or network areas. By misdirecting the attacker early in the infiltration process, the technology can minimize the damage caused and gain an opportunity to learn from the attacker's methods and behavior while they are distracted.

The simplest form of deception technology is the classic honeypot: a planted store of data whose contents are designed to be appealing to attackers, such as decoy password lists, false databases, fake access to other regions and more. When an intruder enters a network, they are led by a trail of breadcrumbs straight to the honeypot, which is triggered to alert security and distract the intruder by feeding them engineered information.

In the past, these were handcrafted and manually deployed and monitored. Now, however, the technology has advanced to the point that monitoring can be fully automated and decoys can be generated based on scans of true network areas and data.

Currently, decoys are often deployed as mock networks running on the same infrastructure as the real networks. When an intruder attempts to enter the real network, they are directed to the false network and security is immediately notified. The decoys are never accessed by legitimate users so there are almost no false positives with these techniques and intruders become visible much more quickly than if security had to wait for behavior or malware detection based alerts to be notified.

Deception technology is relatively simple to create in-house but difficult to make convincing, so many adopters prefer to use a third-party solution, such as Attivo, Minerva Labs, Cynet or a big name like Symantec, to ensure that their decoys are as realistic as possible.

Several tactics are used in deception technology:

  • Honeypots: research versions are placed “in the wild” to gather information on attacker strategies and motivations, production versions are placed to slow down attackers
  • Honey users: users with implied privileged access planted in the hopes that intruders will attempt to use their log-in which is flagged to alert security upon use
  • Honey credentials: credentials with supposed access rights to larger network; alerts are sent to security if intruders attempt to use the credentials, allowing them to track criminal movement
  • Geo-tracking: files planted with tracking information that is activated upon transfer or opening, sending IP and location data back to security teams
  • Sink-Hole servers: servers that use traffic redirection to trick bots or malware into reporting back to law enforcement or "white hat" researchers instead of criminals

Benefits of Deception Technology

Deception technology tools provide significant benefits when it comes to early detection of intruders, which is key to minimizing the amount of damage a criminal can do. By isolating attackers in areas where there is minimal risk of damage, this technology grants security professionals the opportunity to not only test their currently used mechanisms, but to learn about the real-world behavior, motivations and tools that criminals use to damage organizations. Such information is vital to building stronger security policies and solutions.

Apart from intellectual and risk mitigation benefits, deception technology can be used to alleviate bottlenecks in security processes. A significant reduction in false positives means that time is not wasted verifying the legitimacy of alerts. The ability to automate deceptive technologies further reduces the amount of time dedicated to non-critical tasks.

Decoys are typically completely hidden from end-users, meaning they have no impact on productivity. This has the added benefit of making them effective against human attackers and intrusion tools regardless of whether they originate externally, internally or from third-party services.

Unlike other methods of intruder detection, deception technology produces high fidelity alerts, reducing the amount of time spent filtering through alert information to find what threats require action. This technology doesn’t rely on detection based on known signatures or behaviors, so all intrusions are immediately detected and flagged, regardless of what methods an attacker uses.

Once an intrusion is detected, attackers can be easily contained and monitored with minimal to no risk to the actual network. Other security strategies operate by ejecting intruders upon discovery to minimize damages, but this doesn’t give security researchers the chance to learn from an attacker’s behavior and denies them the opportunity to apply forensic information to improving production security systems.

Integration with automation also helps reduce IT budget costs and helps stretch security team productivity. Automation tools can discover new networks and assets, and auto-generate and deploy decoys. This ability to adapt deception layers to changing environments reduces the manual work of security and helps maximize system protection.

Deception technology is more easily deployed with devices that do not allow for the installation of traditional security agents due to lack of memory, firmware or compatibility issues. This makes it especially suitable for Internet of Things (IoT) devices, legacy systems or industry-specific devices.

Why Should You Add Decoys to Your Network?

Deception is a time-honored strategy that continues to prove effective. Although many security budgets and professionals are focused on active defense when it comes to protecting a network, the passive defense offered by deception technology can sometimes provide greater benefit to an enterprise.

Adding decoys to your network can give you the upper hand in terms of detection speed and grant valuable information needed for security innovation—both of which are vital to protecting your systems from increasingly aggressive cyber criminals.

Featured

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events
  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

  • DHS to End ‘Shoes-Off’ Travel Policy

    Homeland Security Secretary Kristi Noem announced a new policy today which will allow passengers traveling through domestic airports to keep their shoes on while passing through security screening at TSA checkpoints. Read Now

New Products

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.