When is a duck not a duck?
Machiavelli famously advised “Never attempt to win by force what can be won by deception,” and this is often the mantra of the cybercriminal. The art of deception is by far the most effective weapon in the cyberattacker’s arsenal, posing a greater threat than any single piece of advanced malware or secret software vulnerability, writes Carolyn Crandall, Chief Deception Officer at cybersecurity threat detection product company Attivo Networks.
Whether phishing their victim for credentials or tricking them into downloading malware, criminals depend on their ability to deceive their victims into interacting with them. Cyber deception is exceedingly one-sided, with attackers able to research and plan at their leisure while defenders can only prepare and anticipate an eventual attack. However, with the right technology, an organisation can turn the tables and use a cybercriminal’s own deceptive techniques against them.
Deceiving the deceivers
While offensive cyber deception is usually based around the attacker impersonating a trusted individual, defensive deception involves establishing a convincing false environment. When done correctly, the attacker will waste their time and resources going after a ‘useless’ decoy. In the best-case scenario, the attacker may give up entirely, but even the most tenacious adversaries will still end up operating significantly slower than normal, as well as giving ample warning to the security team about their activities.
Free Active Directory Assessment
Get Visibility Into Privilege And Service Account Exposure
For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.
Try Our Endpoint Detection Net (EDN) for Free
FAST AND EASY
Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.
ADSecure 90-Day Free Trial
GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY
- Hide and deny access to AD objects
- Get alerted on unauthorized queries
- Attack details easily viewable in dashboard
- Your data remains on-premise