Page 18 - Cyber Warnings
skilled resources to tune the systems, analyze the data, and to manage the number of false
alerts that are often generated as a result of pattern matching and anomaly detection
techniques.

Deception takes an entirely different approach to cyber defense. Deception is designed to
detect what prevention systems have missed and to give organizations the real-time visibility to
know what is lurking in their network. Deception is inherently efficient because it detects a threat
actor through engagement with decoys rather than by monitoring signatures or attack patterns.

Systems are easily installed in under 30 minutes, and alerts are substantiated with detailed
attack forensics based on actual engagement. Alerts can be viewed in a threat intelligence
dashboard, easily reported on, or set up to integrate with prevention systems to automatically
block attacks and quarantine infected devices.

Given the simplicity of management and the high fidelity of alerts, additional resources are
typically not required to operate a deception platform.
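The following is an added illustration, not code from the article or from any vendor's platform: a minimal decoy-credential and decoy-host detector run over a few constructed authentication log lines. The account names, addresses and log-line format are assumptions made for the example. It shows where the high fidelity described above comes from: nothing legitimate ever uses a planted credential or talks to an engagement server, so a single touch is an alert and no threshold tuning is needed, while an ordinary failed login produces nothing.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Set

# Constructed decoy ("canary") accounts. In a deception deployment these are
# planted on endpoints (saved credentials, config files) but never used by any
# legitimate user or process, so any authentication with them is suspicious.
# The names are hypothetical.
DECOY_ACCOUNTS: Set[str] = {"svc_backup_ro", "finance-share-admin"}

# Constructed decoy host: the address of an engagement server that no
# legitimate system is configured to talk to. Hypothetical value.
DECOY_HOSTS: Set[str] = {"10.20.30.250"}

# Assumed, simplified authentication-log line format (constructed for this example):
#   <timestamp> auth <ok|fail> user=<name> src=<ip> dst=<ip>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>ok|fail) "
    r"user=(?P<user>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    user: str
    src: str
    dst: str
    reason: str


def detect(lines: Iterable[str]) -> List[Alert]:
    """Return one Alert per log line that touches a decoy account or decoy host.

    Success or failure of the login is irrelevant: a failed attempt with a
    planted credential is just as strong a signal as a successful one, because
    the only way to know that credential exists is to have found the decoy.
    """
    alerts: List[Alert] = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            continue  # unparseable line; skipped rather than guessed at
        ev = m.groupdict()
        if ev["user"] in DECOY_ACCOUNTS:
            reason = "decoy credential used"
        elif ev["dst"] in DECOY_HOSTS:
            reason = "decoy host contacted"
        else:
            continue  # ordinary traffic, including ordinary failed logins
        alerts.append(Alert(ev["ts"], ev["user"], ev["src"], ev["dst"], reason))
    return alerts


def sources_to_quarantine(alerts: Iterable[Alert]) -> Set[str]:
    """Source addresses to hand to a prevention system for quarantine.

    Every alert is high fidelity, so no score or threshold is applied; the set
    is simply every source that interacted with a decoy.
    """
    return {a.src for a in alerts}


# Constructed sample log: two legitimate logins, one ordinary failed login,
# then one host that tries a planted credential and later reaches the decoy host.
SAMPLE_LOG = [
    "2016-04-02T09:12:01Z auth ok user=alice src=10.1.1.5 dst=10.1.2.10",
    "2016-04-02T09:12:07Z auth fail user=bob src=10.1.1.9 dst=10.1.2.10",
    "2016-04-02T09:13:44Z auth fail user=svc_backup_ro src=10.1.1.77 dst=10.1.2.10",
    "2016-04-02T09:14:02Z auth ok user=alice src=10.1.1.5 dst=10.1.2.11",
    "2016-04-02T09:15:30Z auth ok user=carol src=10.1.1.77 dst=10.20.30.250",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for a in found:
        print(f"{a.ts} {a.reason}: user={a.user} src={a.src} dst={a.dst}")
    print("quarantine:", sorted(sources_to_quarantine(found)))
```

Running it yields two alerts, both from the same source, and that source is the only quarantine candidate; bob's failed login, which a threshold-based system might have to weigh, is simply ignored. A real platform spreads lures across layers 2-7 (network, credential, file and application decoys) and rotates them; this example covers only the credential and host-address lures.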

It is important to note that not all deception platforms are alike and there is a wide variance in
breadth and depth of solutions. Many providers only have partial solutions such as an
engagement server or endpoint deceptions or they may not work in a user network, data center,
or cloud environment.

They may support full customization and full operating systems, or only an emulated
environment. It is highly recommended to do your research and understand how complete a
vendor's offering is and whether it can meet all of your needs.


Here is a checklist of the elements of a comprehensive deception platform, with criteria you
can use in your evaluation.

• What environments are supported?
  o Will the solution support user networks?
  o Can the solution scale to operate in a data center?
  o Will you need cloud security (AWS, Azure, OpenStack, VMware)?
  o Do you need detection for Industrial Control System or IoT environments?
• How effective is the detection?
  o Reconnaissance
  o Stolen credentials
  o Ransomware
  o Phishing
• How comprehensive is the deception? Deception lures are based on a variety of
  deception techniques that are placed on endpoints and servers and are used to lure
  attackers to the engagement server. Deception lures should cover layers 2-7 and
  regularly refresh for the greatest level of effectiveness.
  o What types of deception lures are available?
    ▪ End-point

18 Cyber Warnings E-Magazine – April 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
