Page 19 - Cyber Warnings
      ▪ Server
      ▪ Application
      ▪ Data
   o Are the deceptions static or do they dynamically update?
   o Do they support the OS you need?
   o Do they require an agent to maintain?
   o How easy are the lures to deploy and update?
• How authentic is the deception? Engagement or deception servers run real or emulated operating systems and services, and are designed to lure attackers away from production servers. Deception servers running real operating systems, with the ability to customize them to your environment, provide the highest level of authenticity.
   o Are the servers running real operating systems or are they emulated?
   o How extensive are the services?
   o Can you load a “golden image” or customize services to make the deception servers indistinguishable from production servers?
   o Can the deceptions be designed to match hospital devices, SCADA or IoT environments?
• How difficult is it to install? Some deception engagement servers require network integration and monitoring of all traffic, while others can reside off a switch and don’t require a network redesign or traffic redirection assessments.
   o Is in-line deployment required and, if so, what network and compute changes need to be factored in?
• How well does the engagement server analyze, identify, and report on attack findings?
   o Can the system identify attacks without known attack patterns or signatures?
   o How comprehensive, safe and manageable is the analysis environment? Advanced deception systems can open communications with the Command and Control (C&C) server to understand more about the attacker’s methods and the tools being used.
   o How comprehensive is the attack information, and how is it displayed or shared?
      ▪ Dashboard
      ▪ Clarity of information
      ▪ Detail drill-down
      ▪ Information enrichment (e.g. VirusTotal)
      ▪ Report formats: IOC, PCAP, STIX, CSV, etc.
      ▪ 3rd-party integrations
         - Automated or manual, with SIEM, firewall, patch management, etc.
      ▪ How accurate and detailed are the alerts?
         - Can they be customized based on the level of attack finding?
         - How clear is it to quickly identify the areas of greatest concern?
         - Is all the detail required for incident response and quarantining of infected systems provided?
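The reporting questions above (signature-free detection, alert severity by level of attack finding, CSV and IOC output for SIEM integration and quarantining) as an added Python illustration; this is not code from the magazine or from any vendor's product. The event fields, tier names, severities and the sample events are all assumptions made for the example.

```python
import csv
import io

# Any contact with a decoy is anomalous by construction, so no signature is
# needed; the level of interaction sets the severity (assumed taxonomy).
TIERS = {
    "port_scan": (1, "recon"),
    "service_connect": (2, "engagement"),
    "auth_attempt": (3, "credential_use"),
    "file_access": (4, "lateral_movement"),
    "c2_callback": (5, "command_and_control"),
}

# Constructed sample of decoy-server events (not captured data).
SAMPLE_EVENTS = [
    {"ts": "2016-04-01T09:00:01Z", "src_ip": "10.0.5.23", "decoy": "fin-db-02", "kind": "port_scan", "detail": "tcp/1433"},
    {"ts": "2016-04-01T09:00:07Z", "src_ip": "10.0.5.23", "decoy": "fin-db-02", "kind": "auth_attempt", "detail": "user=sa"},
    {"ts": "2016-04-01T09:02:40Z", "src_ip": "10.0.5.23", "decoy": "fin-db-02", "kind": "c2_callback", "detail": "203.0.113.9:443"},
    {"ts": "2016-04-01T11:15:00Z", "src_ip": "10.0.8.77", "decoy": "hr-share-01", "kind": "service_connect", "detail": "tcp/445"},
]

def classify(events):
    """Fold raw decoy events into one alert per source host, keeping the highest
    tier reached, every decoy touched and the evidence an IR team needs to
    triage and quarantine that host."""
    alerts = {}
    for ev in events:
        sev, tier = TIERS.get(ev["kind"], (1, "unknown"))
        a = alerts.setdefault(ev["src_ip"], {
            "src_ip": ev["src_ip"], "severity": 0, "tier": "", "first_seen": ev["ts"],
            "last_seen": ev["ts"], "decoys": set(), "evidence": []})
        if sev > a["severity"]:
            a["severity"], a["tier"] = sev, tier
        a["last_seen"] = max(a["last_seen"], ev["ts"])   # ISO timestamps sort lexically
        a["decoys"].add(ev["decoy"])
        a["evidence"].append(f"{ev['ts']} {ev['kind']} {ev['detail']}")
    # Highest severity first, so the areas of greatest concern surface at the top.
    return sorted(alerts.values(), key=lambda a: (-a["severity"], a["first_seen"]))

def to_csv(alerts):
    """Flatten alerts to CSV for SIEM ingestion."""
    buf = io.StringIO()
    w = csv.writer(buf)
    w.writerow(["src_ip", "severity", "tier", "first_seen", "last_seen", "decoys", "evidence"])
    for a in alerts:
        w.writerow([a["src_ip"], a["severity"], a["tier"], a["first_seen"], a["last_seen"],
                    ";".join(sorted(a["decoys"])), " | ".join(a["evidence"])])
    return buf.getvalue()

def to_iocs(alerts, min_severity=3):
    """Internal hosts that went beyond recon, as a quarantine/block list."""
    return [a["src_ip"] for a in alerts if a["severity"] >= min_severity]
```

Hosts that merely scanned a decoy stay visible in the CSV but are kept out of the quarantine list, which is the kind of severity-based customization the alert questions above ask about.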


19 Cyber Warnings E-Magazine – April 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
