Written by: Mackenzie Blaisdell, Senior Manager of Online Programs – Whether you are still soaking up the last few moments of the holiday season with family and friends or you’re back in the office kicking it into full gear, let’s take a quick moment to reminisce on our cybersecurity readers’ favorite blogs of 2019.
Written by: Carolyn Crandall, Chief Deception Officer – Creating decoys that blend in seamlessly with the production environment is critical, as is one’s approach to deploying deception credential lures. There are a variety of different ways to deploy deception credentials and different levels of validation that need to be in place for believability.
Written by: Mike Parking – Technical Marketing Engineer – In a previous blog post, I covered what I call the ‘sweet spot’ for deception, which describes the characteristics and quality deceptive assets need to have to look like the real thing if they’re going to be effective against a skilled attacker. That brings us to the idea of “keeping it real,” which sounds like a contradiction when the subject is deception. It’s not though. The core of effective deception is creating assets that an attacker can’t tell from the real thing. They look real. They act real. To an attacker, they are real.
Written by: Mike Parkin, Product Marketing Engineer – As deception technology has matured into a modern and effective security solution, vendors have pursued different techniques for creating decoys, lures, and the rest of the details that go into a deception platform. One of the challenges the industry faces is creating deceptive assets that fall into the ‘sweet spot’ that will lure an attacker in without being an obvious trap.
The over-arching goal for any cyber deception system is to create target computing and networking systems and infrastructure that will be indistinguishable by an adversary from actual assets – including both live production and test environments. While this would seem an obvious consideration, it turns out to be quite challenging technically to build such deception in practice. Except for Attivo Networks, others will attempt to do achieve this through emulation.