An introduction to deception technology
This article is the first in a five-part series being developed by Dr. Edward Amoroso in conjunction with the deception technology team from Attivo Networks. The article provides an overview of the evolution of deception, including its use in the enterprise, with emphasis on the practical requirements that have emerged in recent years to counter the growing number and changing nature of malicious threats.
Purpose of deception for cyber
The idea of modern deception in cyber security involves creating a false perception of the attack surface for an adversary. The objective is to cause any malicious activity by that adversary to be disrupted by the deception, thus reducing risk and improving the organization's security posture. The approach, by design, works for both human and automated adversaries, and provides the same benefit whether the threat comes from insiders, suppliers, or external actors.
This issue of human versus automated control is equally relevant to the offensive malicious actor and to the defensive team employing the deception. In both cases, the functional goal of creating a misleading environment to trick the adversary is the same. Both use diversionary measures to redirect activity away from real assets and toward a set of deceptive or fake assets that are put in place for defense. Both cases also show how an organization can significantly improve its overall security posture through deception.
The schema for any deceptive system is straightforward. Benign and malicious users each access a common interface, although schemes do exist where the deceptive interface is hidden from typical employee workflows, so that anyone who does reach it is by definition looking for an entry point. The common interface then includes functionality that redirects access to the deceptive system through the use of deceptive lures and decoys. This is a powerful concept that changes the nature of cyber security risk management.
One challenge in any deception-based scheme is that an adversary may be capable and not easily fooled by a phony entry point, interface, or service. Similarly, an automated attack, such as one launched from a botnet, will not be swayed by the human or subjective hints and traps that might trick a person. This does not, however, remove the possibility that deception can prevent automated attacks; rather, it changes the required strategy…
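The schema described above (decoys that no legitimate workflow touches, so any access is a signal, with a different read for human versus automated actors) as an added example, not code from the article or from Attivo Networks; the decoy names, log format and log lines are constructed for illustration:

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed decoy inventory (assumed names, not from the article). These assets
# serve no business purpose, so no legitimate workflow should ever reference them.
DECOYS = {"fileshare-fin02": "decoy SMB share",
          "10.10.5.250": "decoy host",
          "svc_backup_legacy": "decoy credential"}

# Constructed log format: ISO timestamp, source, target asset, action.
LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) target=(?P<target>\S+) action=(?P<action>\S+)$")

SAMPLE_LOG = """\
2024-03-01T09:00:01 src=10.0.1.15 target=fileshare-hr01 action=read
2024-03-01T09:00:07 src=10.0.1.15 target=10.10.5.20 action=rdp
2024-03-01T09:10:42 src=10.0.2.40 target=fileshare-fin02 action=list
2024-03-01T09:25:13 src=10.0.2.40 target=svc_backup_legacy action=logon
2024-03-01T09:30:00 src=10.0.3.99 target=10.10.5.250 action=connect
2024-03-01T09:30:01 src=10.0.3.99 target=fileshare-fin02 action=list
2024-03-01T09:30:02 src=10.0.3.99 target=svc_backup_legacy action=logon
"""

def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev

def analyze(log_text, burst_window=timedelta(seconds=5), burst_decoys=3):
    """Return one alert per source that touched any decoy, with a human/automated hint."""
    touches = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and ev["target"] in DECOYS:          # real assets never raise an alert
            touches[ev["src"]].append(ev)
    alerts = {}
    for src, evs in touches.items():
        evs.sort(key=lambda e: e["ts"])
        distinct = sorted({e["target"] for e in evs})
        span = evs[-1]["ts"] - evs[0]["ts"]
        # Several distinct decoys hit within a few seconds reads as a scripted sweep;
        # one or two slow touches reads as a person following a lure.
        automated = len(distinct) >= burst_decoys and span <= burst_window
        alerts[src] = {"decoys": distinct, "count": len(evs), "likely_automated": automated}
    return alerts
```

The benign user never appears in the output, which is the point of the schema: a decoy touch needs no baseline or tuning to be worth investigating.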