Written by: Carolyn Crandall, Chief Deception Officer
Over the past five years, the conversation around cyber deception has advanced from the question of what it is to what to use it for. Fundamentally, cyber deception has evolved into a highly regarded threat detection solution for companies of all sizes and security maturity levels. This blog outlines how the capabilities of deception technology have expanded and the various roles it can play within the security stack. This particular article aligns with the steps a responder will take in preparing for and responding to an attack.
We asked 25 security professionals to provide us with some examples of use cases where they are helping clients secure applications and data. Here’s what they told us:
1) We ensure apps that manage valuable data (personally identifiable information, healthcare data) are secure. We see data dumps of SQL databases from insecure apps on the dark web all the time. We help customers identify their high-risk applications, identify the kind of data at stake, and evaluate the risk to the company. We prioritize and put the appropriate testing in place to protect customer data managed by the web app.
2) Hackers are using apps to break into internal networks of corporations. Any app poses a risk if someone can access your mainframe through it. We help clients identify the risk of their apps.