Cyber attacks are constantly evolving and consequently businesses are always seeking new ways of defending themselves. This is as much about understanding the nature of attacks as about preventing them.
One of the latest developments is the use of deception, employing camouflaged traps and tokens to throw the attackers off balance by detecting and understanding the nature of the attack and their plans.
We spoke to Kev Eley, VP at TrapX to find out how a new approach to security, based on deception techniques, is helping organizations to turn the tables on attackers.
BN: What is deception-based technology and how does it work?
KE: For many organizations, the biggest challenge they’re facing now is not just how to keep the attackers out, but how to detect when they have infiltrated the network, as early as possible. It’s increasingly inevitable that attackers will be able to bypass traditional perimeter defenses, and security controls. Once they are inside the network, they can stay undetected for longer, posing a bigger risk for organizations.
This is where deception-based technology comes in. It protects organizations’ valuable IT assets against a multitude of attacks, from APTs to malicious insider activity. Deception technologies hide among an organization’s real IT assets, and appear, to the attacker, to be genuine systems, files or devices. However they are not what they seem to be.
Camouflaged traps and tokens are designed to bait, engage and trap the attacker once they’ve bypassed perimeter controls. These act like sensors in a network which are able to detect an attacker’s movement in the reconnaissance stage as they try to locate high value targets across all areas of the network.
Once they have engaged with a trap, an alert is set off to IT teams so that they can shut down the attack quickly and resume normal business operations.
BN: How do new, emerging approaches to deception differ from traditional ‘honeypots’?
KE: Traditional honeypots are deployed separately so require huge amounts of manual administration which can be a time consuming and mundane task for large enterprises.
Deception technologies offer a far more advanced approach. Emulated traps can imitate a plethora of different IT assets and devices including medical devices, laptops, retail point of sale terminals, routers, workstations — to name a few. These emulated traps are inexpensive to deploy and automation allows this to happen with minimal effort at a larger scale.
New approaches also have out-of-the-box integration with ecosystem technologies such as network access control (NAC) that can take indicators of compromise (IOC) data to trigger the immediate isolation of an attacker.
BN: How does deception-based technology benefit an organization and add value to an organization’s existing security strategy?
KE: In order to deal with increasingly sophisticated attacks, organizations need to use a range of tactics. Deception technology is giving them a new way to regain control from cyber criminals that have infiltrated their network.
One of the major benefits of deception technology is the faster, real-time detection of the most sophisticated attacks. Deception technology helps organizations to find the new breed of threats that traditional cyber defenses cannot detect, and that may already be inside your network.
Its advanced real-time forensics and analysis also helps organizations to gain valuable insights about the activities of the attackers — for example if they’re attempting to steal data or deploy malware. This information can be used to inform decisions about security policies and where organizations need to allocate resources.
Additionally, deception based solutions are also compatible, and complementary with, an organization’s existing security solutions such as Endpoint Protection Platforms, SIEM technology, sandboxes and Network Access Control solutions.
BN: Why is there a need for such technology and what are the main factors driving the adoption of deception-based systems?
KE: Deception technologies help organizations to solve one of the ongoing headaches in terms of security, that is, detecting attackers who have breached the network. Advanced firewall and endpoint protections are simply not enough when it comes to combating sophisticated threats. This is exacerbated by the fact that attackers are constantly modifying their approaches to work around these defenses or to exploit vulnerabilities. Attackers can then stay undetected for weeks or months, before exfiltrating sensitive data.
Deception as an approach to defense, changes the playing field completely; it allows organizations to thwart attacks that get past the perimeter, to trap attackers and then to gather important information on what they’re doing.
Rather than waiting for the ‘hit’, with intelligent deception technology organizations can turn the tables on their attackers.
BN: How do you see this area of technology advancing in the future?
KE: As attacks become stealthier, and more difficult to detect, the cyber security industry has to continue to adapt to keep ahead of the cyber criminals. Deception technology is becoming an important part of organization’s cyber security strategy and in order for this to continue, the technology needs to evolve.
As such, it’s moving towards a full stack architecture, knows as ‘deception in depth’ — an integrated platform which includes all of the deception techniques available, from token or lures deployed on endpoints, to full interaction traps or full operating systems traps (full OS).
The overarching aim must be to continue to develop deception tools which change in line with organization’s infrastructures and technologies. In this way, we can continue to use deception to our advantage; not only stopping attackers in their tracks but also gathering important information on their activities.