In These (Use) Cases, It’s Ok To Lie
From childhood, we were taught never to lie. Deception is bad and cheaters never win.
But what happens when your opponent is blatantly using deception to tip the odds in their favor? At what point must you adapt to level the playing field and have a fighting chance at beating your opponent? Barton Whaley once wrote that “In combat, deception can strengthen the weaker side. Moreover, when all other factors are equal, the more deceptive player or team will always win.” This is exactly the situation in the world of cyber warfare.
Cybercriminals use deception to trick users into clicking on phishing emails, accidentally downloading malware, and inadvertently sharing login credentials. They also use tactics to keep their presence hidden below the noise level so that they can continue to quietly escalate their attacks. Cyber defenders, on the other hand, have tried to win the game by pursuing these adversaries, examining behaviors and logs to identify anomalous activity. Essentially, they are reacting to actions taken, learning from them, and then pursuing their opponent with the intelligence and forensic evidence they can gather. It is a time-intensive process that also requires the security team to cull through and correlate attack information, which in many cases is mixed with false-positive data.
Read the full article in Cyber Security Magazine.