Page 116 - CDM-CYBER-DEFENSE-eMAGAZINE-December-2018

Outmaneuvering Attackers with an Active Defense Strategy

Any game of strategy requires both offensive and defensive play. Applying an active defense approach to cybersecurity is critical for outwitting today's advanced attackers. Prevention controls like firewalls, IPS/IDS, or antivirus are passive and reactive: they act only on what they already know to be bad. Deception technology, by contrast, deploys authentic-looking and attractive decoy documents, traps, and lures to proactively misdirect and engage attackers. By applying a matrix of decoys mimicking servers, endpoints, applications, credentials, mapped shares, data, and other items that appear to be desirable targets, attackers are drawn into investigating or engaging them, and in doing so reveal themselves. Because no legitimate user or process has a reason to touch a decoy, deception turns the tables: it is now the attacker who must be right 100 percent of the time as they move through the network, which levels the playing field.

The addition of deception increases the odds of an attacker making a mistake, since they cannot tell real from fake. It also raises their costs: once discovered, they are forced to start over or seek an easier target. Increasing the complexity and cost of an attack is a significant deterrent.


An Active Defense does not stop at detection. Stopping an adversary is critical, but doing so without knowing where they started, how they are attacking, or what they are after leaves an organization ill-equipped to ensure the attack is eradicated and cannot successfully return. To realize the value of an Active Defense, one must also be able to analyze attacks, run forensics, and share that information so that all security controls work together in derailing the attack.



            Deception-Based Active Defense for Actionable and Confident Incident Response

An alert is of no help when it is overlooked. Alert fatigue is a genuine problem for cybersecurity professionals, who constantly find themselves frustrated by chasing down a barrage of false positives. Because deception technology is engagement based, an alert fires only when something actually touches a decoy that has no legitimate use, so alerts are substantiated and actionable. The one practical caveat is that authorized vulnerability scanners and discovery tools will also touch decoys and must be excluded, or they become the noise the decoys were meant to remove. These high-fidelity alerts are augmented with root-cause information that includes forensics, threat intelligence, and correlation of relevant data.
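The mechanism described above (decoy credentials, shares, and hosts that nothing legitimate should ever reference, with each engagement producing an alert that carries the source, time, and raw evidence, then correlated per source into an attack path) can be seen in a small detector run over sample telemetry. This is an added illustration, not code from the article or from any vendor platform; the decoy inventory, the `timestamp source EVENT key=value` log format, the log lines, and the function names are all constructed for the example. The `ignore_sources` parameter handles the scanner caveat from the paragraph above.

```python
"""Engagement-based alerting from planted decoys (added example; constructed data).

Decoy credentials, shares and hosts have no legitimate use, so any reference to
them in telemetry is an engagement. Each alert keeps the source, time and raw
line, and alerts are correlated per source so a responder can see the path.
"""
import re
from dataclasses import dataclass

# Hypothetical decoy inventory (assumption for this example). Nothing in
# production should ever reference these names or addresses.
DECOYS = {
    "credential": {"svc_backup_admin", "sqlreadonly"},
    "share": {r"\\fs01\finance_archive".lower()},
    "host": {"10.20.30.250"},
}

# Constructed log format: "<iso timestamp> <source ip> <EVENT> key=value ...".
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<event>\S+)\s*(?P<detail>.*)$")


@dataclass
class Alert:
    decoy_type: str   # credential / share / host
    decoy: str        # which decoy was touched
    source: str       # host the engagement came from (where the attacker operates)
    timestamp: str
    evidence: str     # the raw log line, retained for forensics


def parse_line(line):
    """Split a log line into (timestamp, source, event, {key: value}); None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m["detail"].split() if "=" in kv)
    return m["ts"], m["src"], m["event"], fields


def detect(lines, ignore_sources=frozenset()):
    """Return one Alert per decoy engagement.

    Sources in ignore_sources (an authorised vulnerability scanner, for example,
    which is expected to touch everything) are skipped: those are the usual
    source of noise in decoy telemetry, so exclude them explicitly.
    """
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, _event, f = parsed
        if src in ignore_sources:
            continue
        checks = [
            ("credential", f.get("user", "").lower()),
            ("share", f.get("share", "").lower()),
            ("host", f.get("dst", "")),
        ]
        for decoy_type, value in checks:
            if value and value in DECOYS[decoy_type]:
                alerts.append(Alert(decoy_type, value, src, ts, line))
    return alerts


def correlate(alerts):
    """Group alerts by attacking source in time order, so responders see where the
    attacker started (first decoy touched) and what they were moving toward."""
    incidents = {}
    for a in sorted(alerts, key=lambda a: a.timestamp):
        incidents.setdefault(a.source, []).append(a)
    return incidents


# Constructed sample telemetry: one legitimate user (10.20.30.15) and one host
# (10.20.30.77) that tries a decoy credential, opens a decoy share, then probes a
# decoy server. The legitimate user's lines must produce no alerts.
SAMPLE_LOG = [
    r"2018-12-03T02:10:01Z 10.20.30.15 AUTH user=jsmith result=success",
    r"2018-12-03T02:12:44Z 10.20.30.15 SMB share=\\fs01\hr_docs action=read",
    r"2018-12-03T02:14:07Z 10.20.30.77 AUTH user=svc_backup_admin result=failure",
    r"2018-12-03T02:14:09Z 10.20.30.77 AUTH user=svc_backup_admin result=success",
    r"2018-12-03T02:15:30Z 10.20.30.77 SMB share=\\FS01\finance_archive action=read",
    r"2018-12-03T02:16:02Z 10.20.30.77 NET dst=10.20.30.250 dport=445",
    r"2018-12-03T02:16:30Z 10.20.30.15 NET dst=10.20.30.40 dport=443",
]

if __name__ == "__main__":
    for src, path in correlate(detect(SAMPLE_LOG)).items():
        print(f"incident from {src}: " + " -> ".join(f"{a.decoy_type}:{a.decoy}" for a in path))
        for a in path:
            print("   ", a.timestamp, a.evidence)
```

Running the block prints one incident for 10.20.30.77 with the path credential -> credential -> share -> host and the four evidence lines behind it, while the legitimate user's activity produces nothing. Matching is on exact decoy names, lower-cased for accounts and UNC paths, so the detector has no signature to tune; its fidelity comes entirely from the decoys having no legitimate purpose.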

In advanced platforms, native integrations facilitate information sharing and streamline incident response through automated blocking, isolation, and threat hunting, allowing security professionals to focus their efforts on credible, verified threats or policy violations. The accuracy of these alerts, combined with automation, reduces the need for incremental manpower or skills training. Organizations gain not only confidence in their alerts but also more efficient and effective use of their existing cybersecurity personnel.













