Deception Tools and Techniques Offer Game-Changing Potential for Enterprise Security, Gartner Says
BY JAIKUMAR VIJAYAN • SEPTEMBER 2, 2015
Emerging deception tools and techniques, such as next-generation honeypots and decoy systems, could have a game-changing impact on enterprise security strategies. That’s according to a new Gartner report titled “Emerging Technology Analysis: Deception Techniques and Technologies Create Security Technology Business Opportunities,” which examined the potential for organizations to use deception as a strategy for thwarting attackers and making it costlier for them to engage in threat campaigns.
According to Gartner, a new generation of distributed decoy technologies that employ deception as a way to misdirect intruders and disrupt their activities at multiple points along the attack chain are becoming available.
Enterprises should consider implementing such deception as an automated response capability because it represents a sea change in the future of enterprise security, wrote Lawrence Pingree, Gartner analyst and author of the report.
Ideally, the goal should be to implement a capability so that when an intrusion is detected, the threat actors and compromised systems are automatically isolated into a “network deception zone,” Pingree said in the report. They should be “provided with what is equivalent to a hall of mirrors, in which everything looks real, and everything looks fake,” he wrote.
Delay and Deflect
The effort should be to delay attackers and force them to spend more time and effort figuring out what is real and whether to proceed with an attack. Several existing security tools offer deception capabilities or can be relatively easily tweaked to provide a disruptive deception capability, Pingree said in the report.
Examples of specialized distributed decoy tools include those from vendors like Attivo Networks, TrapX, Cymmetria and GuardiCore. Tools from these vendors specialize in deceiving attackers into seeing things that are not there on the network or luring them into believing they have accomplished a task when they have not. Some tools, for instance, create fake systems and network components that look and act exactly like real assets.
Free Active Directory Assessment
Get Visibility Into Privilege And Service Account Exposure
For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.
Try Our Endpoint Detection Net (EDN) for Free
FAST AND EASY
Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.
ADSecure 90-Day Free Trial
GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY
- Hide and deny access to AD objects
- Get alerted on unauthorized queries
- Attack details easily viewable in dashboard
- Your data remains on-premise