Trapping threats with next-generation cyber security deception technology

Author: Phil Muncaster

Organizations have spent too long operating in reactive mode, bombarded by increasingly sophisticated cyber threats. Security spending continues to grow, but so do serious breaches. Cyber security deception technology offers a new approach, turning the tables on bad actors—the masters of deception—by luring them into revealing themselves.

Recent advances in technology have made deception security cost-effective and operationally feasible. By working with the right managed services partner and following a few simple guiding principles, you can realize significant improvements in your threat detection and response capabilities.

A changing world

The modern enterprise is a complex amalgam of legacy and digital systems comprising IoT devices, cloud assets, bring-your-own-device hardware and, now, a largely remote working endpoint estate. The old certainties of perimeter-based security are gone. A more fluid IT environment opens new entry points for cyber criminals with tool sets that include (but are not limited to) vulnerability exploits, phishing lures and stolen credentials.

Global spending on cyber security is set to increase 10% in 2021, yet organizations struggle to stop advanced threats, Canalys reports. Traditional reactive tools are failing, and security operations center analysts are overwhelmed by and unable to prioritize threat data from competing products. Tanium reports that global organizations have, on average, 43 tools to manage endpoint security alone, each pumping out data and alerts. The result: attackers sneak in under the radar and stay undetected for far too long—more than a quarter of breaches took at least one month to detect, according to Verizon's 2020 Data Breach Investigations Report.

Security teams need a proactive way of detecting suspicious activity earlier in the cyber kill chain.

What is deception security?

This is where cyber security deception technology comes in. It's sort of the virtual equivalent of a burglar-detecting motion sensor system. Fake assets and data are scattered throughout your IT environment, and digital breadcrumbs lure attackers to these assets. When an attacker interacts with the bait, the system triggers an alarm. You can kick the intruder out of your network right away, or you can monitor them to gather intelligence.

Cyber criminals have been using deception for years, creating spoofed phishing emails and hiding malware inside legitimate-looking apps and attachments. It's time to turn the tables.

Setting the trap

There are many cyber security deception technology systems on the market today. Each is slightly different, but they all use common elements.

  • Digital breadcrumbs are placed on legitimate IT assets and in active directories to lure attackers into the deception environment. These might include fake documents, emails and files.
  • Honey pots, or decoys, are machines or servers set up to look like legitimate IT assets but which are really primed to detect any unusual activity, such as the presence of network scanning tools. Attackers use honey pots to figure out how to move laterally.
  • Honey users are fake accounts set up to monitor brute-force attempts to hijack them.
  • Honey credentials are placed on endpoints as bait for attackers. If attackers compromise these credentials and try to use them elsewhere, you'll know right away, and you can track the malicious actor across the environment.
  • Honey files are placed in important directories to monitor attempts to open and alter them.
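
The honey user, honey credential and honey file traps listed above reduce to one detection rule: any event that touches a decoy is an alert, because nothing legitimate ever uses it. The following is an added example, not code from the original article or from any vendor's product; the decoy names, the JSON-lines log schema and the events are constructed for illustration. It groups alerts by source address to show how one intruder can be tracked across hosts.

```python
import json
from collections import defaultdict

# Constructed decoy inventory (hypothetical names). No legitimate process
# ever uses these, so any event that touches one is a high-fidelity alert.
HONEY_USERS = {"svc_backup_adm"}                 # fake account
HONEY_CREDS = {"hr_share_ro"}                    # bait credential left on endpoints
HONEY_FILES = {"/finance/payroll_master.xlsx"}   # bait file in an important directory

# Constructed events in a hypothetical normalized JSON-lines schema.
SAMPLE_EVENTS = """\
{"ts":"2021-03-02T09:14:01Z","type":"auth","user":"jsmith","src":"10.0.4.21","dst":"mail01","ok":true}
{"ts":"2021-03-02T09:20:10Z","type":"auth","user":"svc_backup_adm","src":"10.0.7.55","dst":"dc01","ok":false}
{"ts":"2021-03-02T09:20:12Z","type":"auth","user":"svc_backup_adm","src":"10.0.7.55","dst":"dc01","ok":false}
{"ts":"2021-03-02T09:31:40Z","type":"auth","user":"hr_share_ro","src":"10.0.7.55","dst":"fs02","ok":true}
not-json garbage line
{"ts":"2021-03-02T09:33:05Z","type":"file_open","user":"hr_share_ro","src":"10.0.7.55","dst":"fs02","path":"/finance/payroll_master.xlsx"}
{"ts":"2021-03-02T09:40:00Z","type":"file_open","user":"jsmith","src":"10.0.4.21","dst":"fs02","path":"/home/jsmith/notes.txt"}
"""

def classify(event):
    """Return the names of every trap this event touched (may be several)."""
    hits = []
    if event.get("type") == "auth" and event.get("user") in HONEY_USERS:
        hits.append("honey_user")        # failed attempts count as well
    if event.get("user") in HONEY_CREDS:
        hits.append("honey_credential")  # bait credential reused somewhere
    if event.get("type") == "file_open" and event.get("path") in HONEY_FILES:
        hits.append("honey_file")
    return hits

def detect(lines):
    """Return (alerts, trail): a flat alert list and a per-source timeline."""
    alerts, trail = [], defaultdict(list)
    for line in lines.splitlines():
        try:
            event = json.loads(line)
            ts = event["ts"]
        except (json.JSONDecodeError, TypeError, KeyError):
            continue                     # skip malformed records, keep processing
        for trap in classify(event):
            alert = (ts, event.get("src"), event.get("dst"), trap)
            alerts.append(alert)
            trail[event.get("src")].append(alert)
    return alerts, dict(trail)

if __name__ == "__main__":
    for src, hits in detect(SAMPLE_EVENTS)[1].items():
        print(src, [(ts, dst, trap) for ts, _, dst, trap in hits])
```

In the constructed data a single source address trips the honey user on one host, then reuses the bait credential and opens the honey file on another, while ordinary user activity raises nothing.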

What can cyber security deception technology do for you?

By laying virtual traps, you can more effectively minimize the risks and ramifications of advanced cyber threats such as data theft, ransomware, banking Trojans and coin mining. And you can stop some tried-and-tested threat actor techniques, such as credential theft, lateral movement, sensitive data theft, man-in-the-middle attacks and attacks on directory systems.

Cyber security deception technology can help you:

  • Make security operations center analysts more efficient by minimizing false positives and providing high-fidelity, actionable intelligence to track attackers
  • Mitigate the financial and reputational impact of a serious security breach by reducing dwell time (the length of time attackers remain in the network undetected)
  • Optimize threat hunting, incident response and cyber resilience by collecting detailed forensics, including indicators of compromise and attackers' tactics, techniques and procedures
  • Enhance decision-making by improving cyber risk visibility
  • Confuse intruders and discourage future attacks

What do you need next?

First-generation deception technologies were resource-intensive, limited in scope and relatively easy for attackers to circumvent. Honey pots worked in isolation from the production environment.

However, with next-generation technology, decoys and breadcrumbs are scattered throughout the IT environment. Virtual machines make it relatively easy and cost-effective to spin up new decoys and switch things around. Artificial intelligence (AI) and automation can dynamically suggest where traps could be set to ensure that they blend in.

The good news is that there's plenty of choice on the market today and cyber security deception technology can be used by virtually any organization. For maximum success, consider the following principles.

  • Authenticity is crucial to ensuring that attackers fall for your decoys and breadcrumbs. AI tools can help with this by evolving the environment on an ongoing basis.
  • Scalability ensures that decoys are placed throughout your IT environment—across the cloud, on-premises servers, IoT devices, payment system assets and so forth. AI and automation are your friends here, too.
  • Integration with security information and event management systems, extended detection and response, and security orchestration, automation and response will drive value from existing investments and streamline your processes.
  • Outsourcing deceptive security to a managed security service provider might be an attractive option, especially if you want to free up in-house security analysts to focus on high-value tasks.

Discover how Verizon can help provide strategic cyber security deception technology so you can detect and respond to attacks faster.