Page 117 - CDM-CYBER-DEFENSE-eMAGAZINE-December-2018
P. 117

The Weakest Link May Be Within Your Supply Chain

            Supplier security breaches are at an all-time high and have been the underlying cause of many of 2018’s
            breaches.  In  addition  to  validating  whether  internal  security  controls  are  working  reliably,  deception
            provides a critical resource in detecting employee, contractor, and supplier policy violations and nefarious
            actions. With privileged access comes greater risk and the need for accurate and substantiated tracking
            of unauthorized access or activities. Deception records and alerts on any engagement with a decoy or
            attempts to use deception credentials. There is no production value for employees or third parties, so
            each engagement-based alert requires immediate attention without need for behavioral or traffic analysis.



            Ongoing Security Control Assessment and Compliance

            Deception technology plays a crucial role in pen testing and is now commonly used to validate security
            resiliency and reporting that can be used for audits and compliance. Proving the ability to detect the Red
            Team and record their actions can be crucial in demonstrating compliance. Additional visibility tools are
            also useful for ongoing assessment of credential exposure, network device changes, and attack lateral
            movement  understanding.  Decoy  documents  are  useful  for  security  teams  looking  to  track  what
            documents adversaries are targeting and the geolocation of where they are opened.



            Deception Has Become An Indispensable Part Of Cybersecurity


            The adoption rate of deception technology is soaring due to its effectiveness as a tool for early detection,
            adversary  intelligence,  and  creating  an  active  defense  to  outmaneuver  an  attacker,  with  Gartner
            estimating that the market share for deception technology will exceed $2 billion by 2021.

            Deception  provides  non-intrusive  detection  effective  in  identifying  external,  internal,  and  third-party
            attacks  throughout  the  attack  cycle,  including  reconnaissance,  credential  harvesting,  and  lateral
            movement. The solution also provides adversary intelligence that provides organizations with a better
            understanding of attack origin, method of attack, and intruder intent.

            Preventing all cyber intrusions simply isn’t possible. Deception technology plays a critical role in changing
            the  game  on  attackers  by  empowering  organizations  to  find  attacks  that  have  bypassed  perimeter
            controls early, regardless of the attack method or attack surface. This combination of factors makes
            modern deception technology an effective and essential tool for deflecting, understanding, discouraging,
            and defending against the most sophisticated adversary.













                                 117
   112   113   114   115   116   117   118   119   120   121   122