Page 115 - CDM-CYBER-DEFENSE-eMAGAZINE-December-2018

Perimeter Security is Important—but It Isn’t Enough

Explosive growth in the number of internet-connected devices has broadened the threat landscape,
providing attackers with countless new devices and architectures to exploit. While it’s tempting to try to
address this problem with advanced endpoint protection (EPP) and next-gen firewalls, significant risk
remains if they are not coupled with detection controls to identify threats that have bypassed perimeter
defenses or result from an insider or supplier who gains privileged access.

Organizations must adjust their security controls to address today’s advanced attacker and the evolution
of attack surfaces. Deception is an approach that has been used for millennia in military, sports, and
gambling to outmaneuver the adversary. Organizations are now rapidly deploying deception technology
within cybersecurity as a valuable, proven solution that allows them to quickly and accurately detect
in-network threats. This doesn’t mean that traditional cybersecurity tools should be discarded, but rather
augmented with tools that provide early detection, reduce dwell time, and provide intelligence to better
understand one’s attacker. Adding deception-based detection to the security stack will also provide
visibility into whether security tools are working reliably, as well as high-fidelity alerting when an attacker
is successful in bypassing them. A comprehensive deception solution that includes network, endpoint,
application, Active Directory, and data deceptions can be extremely powerful in derailing attacks
accurately and efficiently.

The unfortunate truth is that many organizations are strictly reactive to attacks, unable to gather threat or
adversary intelligence to understand the attacker and prevent them from successfully spreading or
returning. Deception technology addresses these issues by implementing an active defense strategy with
wide-ranging impact.



Deception Arms Defenders with Improved Adversary Intelligence

Put simply, deception technology provides better detection against better attackers, as well as the
adversary intelligence required to respond to an attack, shut it down, and make sure it is eradicated and
cannot successfully return.

One of the most valuable things that deception does is reduce dwell time, or the amount of time that an
intruder spends inside the network before detection. This prevents the threat actor from camping in the
network and reduces exposure. Additionally, once an attacker enters the deception environment, the
system will track their movements, identify tactics, techniques, and procedures (TTPs), and gather
indicators of compromise (IOCs), providing valuable threat and adversary intelligence.

Deception also provides visibility into exposed credentials, misconfigurations, and network device
changes that create increased security risk. This allows for ongoing assessment of risk related to
mistakes, policy violations, and unauthorized device access.








