Page 16 - Cyber Warnings
How to Evaluate Deception Platforms and Checklist
By Carolyn Crandall, CMO, Attivo Networks
With over 700 reported breaches occurring annually, a modern-day adaptive security approach
requires a combination of prevention and detection technologies. Even the most state-of-the-art
prevention solutions cannot keep every attacker out. Being able to promptly detect threats that
have bypassed prevention systems becomes a critical line of defense in preventing the
exfiltration of data, PII, and/or potential harm to critical infrastructure or a company’s
brand reputation.
This blog will provide an overview of what deception technology is and how it provides an
efficient and effective solution for detecting inside-the-network threats in real time. A useful
checklist is also included, which organizations can use to understand the elements of a
comprehensive deception platform and to evaluate both the breadth and depth of deception
offerings.
What is deception technology?
Deception technology is designed as a network “motion sensor” that will alert organizations, in
real time, to threat actors that have bypassed cyber security prevention solutions and have
made their way inside the network.
Deception systems turn the network into a ubiquitous trap through the use of deception
techniques that are designed to confuse, misdirect, and delay attackers by introducing
ambiguity into a cyber attacker’s operations. This provides an early alert system
and the much-needed time and visibility to thwart the attack and remediate infected systems.
What does deception technology do?
Deception platforms are based on high-interaction engagement servers working in conjunction
with decoys and deception lures to deceive, detect, and analyze attacks.
Deception platforms are designed to detect and analyze all threat vectors, including
reconnaissance, stolen credentials, phishing, and ransomware. Unlike a honeypot (an early-stage
form of deception), which was designed as a low-interaction system for detecting
automated scanning tools and worms, deception is designed to detect inside-the-network
threats and their lateral movement by human attackers.
Deception is not reliant on signatures or known attack patterns, making it extremely effective for
gaining real-time visibility into attacks such as zero-day exploits, stolen credentials, and insider
threat actors.
16 Cyber Warnings E-Magazine – April 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide