Cybersecurity software tool uses trickery to ward off potential threats from hackers
Researchers at the Pacific Northwest National Laboratory have come up with a cybersecurity software tool that builds on the old notion of honeypots, a way of tricking hackers into thinking they’ve gotten into your systems. The new technology is called Shadow Figment. Thomas Edgar, the lab's senior cybersecurity scientist, joined Federal Drive with Tom Temin to talk about how it all works.
Tom Temin: And what is the current state of Shadow Figment? Is it a compiled runtime piece of software that someone can deploy?
Thomas Edgar: So, as a Department of Energy national lab, we don’t commercialize things, we don’t make products. So, for our efforts, we have prototypes that are developed that are actual operational kind of capabilities. But, we drive to get these to industry by licensing them. And so we have worked with Attivo Networks, which is a deception defense commercial entity that sells a platform. And we’ve licensed these technologies, and they’re working to integrate these concepts and capabilities into their commercial offering.
Tom Temin: Now the recent ransomware attacks against critical infrastructure players have really gone into their business systems and not into the control systems for, say, the Colonial Pipeline itself, or for, I think it was an agricultural place. Therefore, the ransomware attackers had different motivation, perhaps, than altering the course of a system of a piece of critical infrastructure. How can the front office of critical infrastructure operators kind of use this to interact between their business systems, and the systems that are the critical infrastructure operation controls themselves? If that makes sense.
Thomas Edgar: Yep. So, you mentioned there’s a long history of honeypots. There was a resurgence about five, six years ago of honeypots as deception defense. And a lot of that was based on the ransomware campaigns. And so traditional deception defense in IT, a major use case of that was spun up to kind of provide traps for the ransomware getting in. And so a lot of the commercial entities today are already providing solutions from the IT side. The focus of ours is to translate those concepts and make them relevant into these OT systems. So, our fear is they pivot, they get in, and then we really start to have serious safety concerns.
Tom Temin: And have you had industry interest in this so far from the operators of critical infrastructure?
Thomas Edgar: Yeah, so we’ve talked to, through our interaction with Attivo Networks, they have some customers and different utilities, I can’t talk about details, but we have had multiple conversations with specific utilities, about their interest in these types of capabilities.
Tom Temin: And it sounds like, just to wind up here, that you need to keep working on this to keep a step ahead of the attackers because they can listen to the radio too, and check the news releases at the PNNL and know what you’re up to.
Thomas Edgar: Yeah, cybersecurity in general is always an arms race. We come up with some new stuff, and then the threats come up with ways to get around that. So, we’re always going to be in a cat and mouse game with the attackers. And so yes, continued research is always an important piece of this and making sure we can defend ourselves.
Listen to the podcast and read the full transcript on Federal News Network.