How to use deception to gain the advantage over cyber-attackers
Deception plays an essential role in any game of strategy, providing an opportunity to trick the opponent into exposing their weaknesses and leaving themselves vulnerable. Given its successes, the application of deceptive techniques has been a mainstay of military tactics, sports playbooks, and gambling for millennia.
From tricking a unit of horsemen into overextending their charge to diverting a bomber squadron away from genuine targets, well-placed decoys have delivered powerful results in both offence and defence. Decoys, when paired with lures, can be indispensable in fooling an adversary into engaging or in misdirecting and slowing down their efforts.
When it comes to cyber security, deception has historically been exclusively the domain of the attacker. Almost every cyber-attack involves deceptive techniques to some degree, typically via social engineering tactics designed to trick a target into sharing their login credentials or downloading malware.
Attackers will also hide in plain sight, masked as actual users, to avoid detection.
Deception has placed the advantage with the attackers, as they have the luxury of taking their time researching targets and preparing their tactics.
Free Active Directory Assessment
Get Visibility Into Privilege And Service Account Exposure
For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.
Try Our Endpoint Detection Net (EDN) for Free
FAST AND EASY
Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.
ADSecure 90-Day Free Trial
GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY
- Hide and deny access to AD objects
- Get alerted on unauthorized queries
- Attack details easily viewable in dashboard
- Your data remains on-premise