
Gula Tech Adventures – Episode 23 – Tony Cole – Cyberdeception


Ron and Cyndi Gula interview Tony Cole, CTO at Attivo Networks, and speak about the use of cyber deception to thwart and frustrate hackers. We also speak about the cyber industry, Tony’s career in cybersecurity and some great works of science fiction influencing the industry.


Tony Cole: [00:19:30] Th-that’s a great point you’re making and, and quite frankly, there are probably, you know, hundreds if not thousands of those that are, you know, happening right now that, uh, we’re simply unaware of, uh, and it goes back to, to SolarWinds who, great example, the biggest hack we’ve ever seen, you know, and my response always is, “That we know of.” [laughs] You know, ’cause it may be happening, we’re simply unaware of.

So, when you look at dwell time across the board, you really have to think about a number of different things. The adversary, first of [00:20:00] all, has typically done reconnaissance on your organization. Uh, the Microsoft Exchange attack, HAFNIUM, that took place, uh, after SolarWinds, uh, supposedly when those vulnerabilities came out, it was a matter of minutes before, you know, there were attackers scanning out there, looking for opportunities, you know, to, uh, to compromise somebody.

Versus a targeted attack where they’re specifically looking at your organization, your corporation or, you know, potentially even a high wealth individual, doing reconnaissance on ’em, social media, uh, LinkedIn is, you know, a gold mine for pulling that information up. Doing the compromise is somewhat rudimentary because it’s pretty easy. I’ve been in this field forever and I will tell you, uh, and I know you both know this, doesn’t matter, I could get compromised as well. So, if, uh, if I’m sitting there and I subscribe to a news flash, you know, every single day and somebody knows that I subscribe to that news flash and I’ve got a grand kid in daycare down the street or something and they spoof that email and send it over to me, do you think I’m [00:21:00] gonna click that link if they say there’s a fire there? Yeah, I’m a human being. More than likely, I’m going to. You know, ho-hopefully my spidey sense will go off and I’ll, I’ll do some research and I’ll go to the website instead of clicking the link, but nevertheless, everybody can be compromised.

But the point is, from that initial point of compromise, that dwell time, even though it shrunk because of ransomware cases, can sometimes run for years. The Yahoo breach was one that ran for years and years, you know, and uh, you know, [laughs] still, they don’t talk about it anymore. Don’t know if it’s really cleaned up or not. So you’ve gotta look at the dwell time from that initial point of compromise until it’s detected, that’s the dwell time, but then you have the containment time after that, that could run for a long period of time and you also have the, uh, um, the pivot time. How long does it take that adversary to leave that initial breach point and move laterally inside the environment, escalate their privileges?

That’s kind of where our expertise is, looking for that lateral movement and then privilege escalation and the additional beachheads they may create. So many [00:22:00] companies today talk about, “Oh, well, we caught ’em at this point. We cleaned it up, so, and they’re out.” Well, are they? Are they out? Do you know if it’s a sophisticated adversary? Maybe they put in additional beachheads and they, uh, you know, went dormant for a year. You don’t know.

Cyndi Gula: [00:22:14] I-I think that’s something else that the public doesn’t quite understand when they think, “Oh, a security hack.” Like when a kinetic bomb hits, it’s instant, you see it, it’s there and that was the point of attack. Yes, they can understand there was planning to get to it and everything, but in general, the attack itself is kinetic and we still borrow a lot of the language from kinetic attack to cyber…

Listen to the podcast and read the whole transcript on Gula Tech.
