Active Defense: How Deception Has Changed Cybersecurity
The patterns of cyber attacks are well known, and so are the targets. The bad guys seek to break in to get valuable data or take actions that benefit them, and they want to go undetected for as long as possible. A number of solutions are dedicated to prevention, system lock-down, stopping lateral movement, and otherwise detecting anomalous behavior.
The challenge for detection, however, is how to do this faster and more comprehensively, with the highest chances of success, while minimizing operational overhead and false positives. That’s where the technique of deception, which is now being realized in a variety of products, is vitally important.
Deception is the evolution of something that used to be done externally to find nefarious actors, and it has its origins in the idea of the honey pot: external sites that would attract people who had bad intentions so that they could be identified. While honey pots were often used by security researchers, the technique was not popular with enterprises. Deception essentially takes a new approach and moves threat deception inside the network, offering more valuable insight into threats that have penetrated perimeter defenses. In doing so, it offers a way to generate only high-fidelity alerts and, arguably, to reduce the time to detect an attack dramatically.