secure tablet

How Deception Technology Can Help You Detect Threats Early

Deploying automated decoys can help protect your network and reduce IT costs.

  • By Gilad David Maayan
  • Aug 12, 2019

Deception is a frequently used tactic in both defensive and offensive strategies, from chess to duck hunting, and a tool that many security professionals have been using for years. Initially, when deception was used in network defense, it involved a human carefully interacting with an infiltrator to make them believe that they had achieved access to restricted data and to keep them occupied until the threat could be contained. Today, however, technological advancements have eliminated the need for direct human interaction and have increased the believability of decoys.

What Is Deception Technology?

Deception technology is the integration of deception tactics into security tools and automation, meant to attract intruders away from real assets and trap or detain them in areas modeled after real storage or network areas. By misdirecting the attacker early in the infiltration process, the technology can minimize the damage caused and gain an opportunity to learn from the attacker's methods and behavior while they are distracted.

The simplest form of deception technology is the classic honeypot: a planted store of data whose contents are designed to be appealing to attackers, such as decoy password lists, false databases, fake access to other regions and more. When an intruder enters a network, they are led by a trail of breadcrumbs straight to the honeypot, which is triggered to alert security and distract the intruder by feeding them engineered information.

In the past, these were handcrafted and manually deployed and monitored. Now, however, the technology has advanced to the point that monitoring can be fully automated and decoys can be generated based on scans of true network areas and data.

Currently, decoys are often deployed as mock networks running on the same infrastructure as the real networks. When an intruder attempts to enter the real network, they are directed to the false network and security is immediately notified. The decoys are never accessed by legitimate users so there are almost no false positives with these techniques and intruders become visible much more quickly than if security had to wait for behavior or malware detection based alerts to be notified.

Deception technology is relatively simple to create in-house but difficult to make convincing, so many adopters prefer to use a third-party solution, such as Attivo, Minerva Labs, Cynet or a big name like Symantec, to ensure that their decoys are as realistic as possible.

Several tactics are used in deception technology:

  • Honeypots: research versions are placed “in the wild” to gather information on attacker strategies and motivations, production versions are placed to slow down attackers
  • Honey users: users with implied privileged access planted in the hopes that intruders will attempt to use their log-in which is flagged to alert security upon use
  • Honey credentials: credentials with supposed access rights to larger network; alerts are sent to security if intruders attempt to use the credentials, allowing them to track criminal movement
  • Geo-tracking: files planted with tracking information that is activated upon transfer or opening, sending IP and location data back to security teams
  • Sink-Hole servers: servers that use traffic redirection to trick bots or malware into reporting back to law enforcement or "white hat" researchers instead of criminals

Benefits of Deception Technology

Deception technology tools provide significant benefits when it comes to early detection of intruders, which is key to minimizing the amount of damage a criminal can do. By isolating attackers in areas where there is minimal risk of damage, this technology grants security professionals the opportunity to not only test their currently used mechanisms, but to learn about the real-world behavior, motivations and tools that criminals use to damage organizations. Such information is vital to building stronger security policies and solutions.

Apart from intellectual and risk mitigation benefits, deception technology can be used to alleviate bottlenecks in security processes. A significant reduction in false positives means that time is not wasted verifying the legitimacy of alerts. The ability to automate deceptive technologies further reduces the amount of time dedicated to non-critical tasks.

Decoys are typically completely hidden from end-users, meaning they have no impact on productivity. This has the added benefit of making them effective against human attackers and intrusion tools regardless of whether they originate externally, internally or from third-party services.

Unlike other methods of intruder detection, deception technology produces high fidelity alerts, reducing the amount of time spent filtering through alert information to find what threats require action. This technology doesn’t rely on detection based on known signatures or behaviors, so all intrusions are immediately detected and flagged, regardless of what methods an attacker uses.

Once an intrusion is detected, attackers can be easily contained and monitored with minimal to no risk to the actual network. Other security strategies operate by ejecting intruders upon discovery to minimize damages, but this doesn’t give security researchers the chance to learn from an attacker’s behavior and denies them the opportunity to apply forensic information to improving production security systems.

Integration with automation also helps reduce IT budget costs and helps stretch security team productivity. Automation tools can discover new networks and assets, and auto-generate and deploy decoys. This ability to adapt deception layers to changing environments reduces the manual work of security and helps maximize system protection.

Deception technology is more easily deployed with devices that do not allow for the installation of traditional security agents due to lack of memory, firmware or compatibility issues. This makes it especially suitable for Internet of Things (IoT) devices, legacy systems or industry-specific devices.

Why Should You Add Decoys to Your Network?

Deception is a time-honored strategy that continues to prove effective. Although many security budgets and professionals are focused on active defense when it comes to protecting a network, the passive defense offered by deception technology can sometimes provide greater benefit to an enterprise.

Adding decoys to your network can give you the upper hand in terms of detection speed and grant valuable information needed for security innovation—both of which are vital to protecting your systems from increasingly aggressive cyber criminals.

Featured

  • Maximizing Your Security Budget This Year

    Perimeter Security Standards for Multi-Site Businesses

    When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now

  • ISC West 2024 is a Rousing Success

    The 2024 ISC West security tradeshow marked a pivotal moment in the industry, showcasing cutting-edge technology and innovative solutions to address evolving security challenges. Exhibitors left the event with a profound sense of satisfaction, as they witnessed a high level of engagement from attendees and forged valuable connections with potential clients and partners. Read Now

    • Industry Events
    • ISC West

  • Live From ISC West: Day 2

    What a great show ISC West 2024 has been so far. The second day on Thursday was as busy or even more hectic than the first. Remember to keep tabs on our Live From ISC West page for news and updates from the show floor at the Sands Expo, because there’s more news coming out than anyone could be expected to keep track of. Read Now

    • Industry Events
    • ISC West

  • A Unique Perspective on ISC West 2024

    Navigating a tradeshow post-knee surgery can be quite the endeavor, but utilizing an electric scooter adds an interesting twist to the experience. While it may initially feel like a limitation, it actually provides a unique perspective on traversing through the bustling crowds and expansive exhibition halls. Read Now

    • Industry Events
    • ISC West
Most   Popular

Featured Cybersecurity

Webinars

New Products

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3