Page 20 - Cyber Defense eMagazine - December 2017

Deception files that contain fake sensitive data already provide value by misleading attackers. New technologies such as HoneyDocs (real or decoy files), which carry beaconing technology that calls back when an attacker accesses them, are also being adopted for adversary intelligence and counterintelligence. Knowing what types of files are being targeted and by whom, and having insight into where the data ends up, can be crucial in deciding where to focus additional security.


Maintaining attractiveness is critical to luring and detecting attackers. In addition to being authentic, deception must constantly refresh and reset the attack surface so that attackers cannot fingerprint and avoid it. The Attivo deception campaigns use machine learning to collect data on user information and network behavior. This information is then used to build new deception campaigns that can be deployed easily and quickly. Going one step further, Adaptive Deception campaigns automate the process and empower organizations to reset the attack surface on demand, as part of security hygiene or during an attack. Deception campaigns are highly effective at further delaying and deterring attackers, who become confused and are forced either to start over or to reveal themselves.


Gartner has openly recognized the efficiency of deception for APT detection, recommended it as a 2018 initiative, and acknowledged Attivo Networks for having the most comprehensive deception platform.





Response Time (Rt)

A recent SANS survey indicates that only around 50% of companies can respond to a discovered compromise in 24 hours or less, while remediation can take months. High-interaction deception technology plays a key role not only in detecting threats quickly, but also in identifying potentially exposed attack paths. It can also accelerate incident response by analyzing attacker tactics, techniques, and procedures (TTPs), identifying indicators of compromise (IOCs), and automating incident response through third-party integrations.



