Deception is a frequently used tactic in both defensive and offensive strategies, from chess to duck hunting, and a tool that many security professionals have been using for years. Initially, when deception was used in network defense, it involved a human carefully interacting with an infiltrator to make them believe that they had achieved access to restricted data and to keep them occupied until the threat could be contained. Today, however, technological advancements have eliminated the need for direct human interaction and have increased the believability of decoys.
Some of the greatest survivors in nature are those that fool predators in order to derail their attack. This allows them to realise the threat and make their escape or fight back. Take, for instance, the juvenile Damselfish. When threatened by predators, this marine marvel shrinks its eyes and grows a large spot on its tail to look like an eye. Having such a decoy deceives anything wishing to dine on the Damselfish into attacking the tail rather than the head. The fish can then swim off to safety and avoid its demise. Similar forms of cunning can also be seen in butterfly fish, octopuses, chameleons, and tree frogs, which are all adept at using various forms of camouflage as a defense against predators.
Written by: Mike Parkin, Product Marketing Engineer
As deception technology has matured into a modern and effective security solution, vendors have pursued different techniques for creating decoys, lures, and the rest of the details that go into a deception platform. One of the challenges the industry faces is creating deceptive assets that fall into the ‘sweet spot’ that will lure an attacker in without being an obvious trap.
Attivo Networks CTO Tony Cole will present a session titled "Deception Technology: Luxury Item or Life Line?", which will give an overview of deception technology and cover how deploying decoys throughout your environment can strengthen all the levels in a security stack, the limitations of Defense in Depth strategies, the economics of defense, and how to craft a business case. Additionally, Cole will share why high-fidelity deception decoys are indistinguishable from the real thing, even to advanced attackers.
The Attivo Networks ThreatDefend solution is a deception-based platform that provides early and accurate detection of in-network threats and automation to accelerate attack analysis and incident response. The platform is based on decoys, lures, and application and data deceptions that misdirect, deter, and derail threats at initial compromise or as they move laterally within the network. The platform covers everything from legacy infrastructure to modern cloud architectures, and is simple to deploy in user networks, data centers, clouds, ROBOs, or specialized environments, based on machine self-learning deception preparation, deployment, and operations. The solution stands apart from other deception platforms in its approach to deception authenticity and in its inclusion of automated attack analysis and extensive native integrations for incident response.
Dealing with cyberattacks on a daily basis has become the reality for businesses today. However, few organisations take a proactive approach. Instead, they are left to deal with the fallout after an attack happens and the financial and reputational damage to their business has already occurred. TechRadar Pro spoke with Attivo Networks’ Chief Deception Officer Carolyn Crandall, who suggests that businesses adopt the long-established military technique of ‘deception’ to help them gain an edge over cybercriminals.
Attivo Networks® today introduced enhancements to its ThreatDefend deception and response platform, which is designed to deceive and reveal attackers that have bypassed perimeter security. The latest version of the ThreatDefend platform augments its current Threat and Adversary Intelligence gathering by adding Counterintelligence that identifies the types of data the attacker is attempting to steal and, through geolocation services, where the documents are being accessed. This information provides powerful insight that can be used to better understand the adversary and strengthen a company’s overall defenses.