Loading
One of the most frequently asked questions we get at support, when working with clients and partners, is how to choose which kinds of Points (network decoys in Labyrinth Deception Platform) to utilize.
For a long time, in tons of different media and marketing materials, we witnessed the approach of stuffing your VLANs only with those types of decoys that mimic services that are actually present in the IT/OT infrastructure. However, when facing reality outside the ideal world of marketing content, this approach turns out to be rather ineffective.
Here, in the Labyrinth Deception Platform (LDP), we follow the opposite strategy where the goal is to put as many of the different decoy types as possible. Especially when taking in mind that LDP Points (network decoys) are lightweight, completely separate instances that can be implemented in large amounts without any use of IP aliases or without requiring much of the resources.
The motivation behind this approach is simple. In the fast-evolving world, technologies, gadgets, and protocols are constantly updated or even replaced with newer and faster versions, which makes it unreal for an attacker to be keen on all of the topics. Especially if we are talking about masters of their craft, some of them prefer Windows, some prefer Linux, and some enjoy Web. And the list goes far and beyond. So the strategy of security engineers would be not to blend decoys into the infrastructure, hoping that the attacker would go for a decoy but won’t investigate your legitimate resources, but rather to outsmart them and provide the diversity where attackers with different specializations will find their toys to play. By the end of the day, we are all humans, and forgetting virtual machines or some unintentionally open ports is not something new.
Our newest case study of implementing LDP in the one of the law enforcement government agencies of Ukraine bulletproofs this theory: the intruder was caught not because he was playing around with decoys that emulate common for these subnet services, but because of an unlogically placed SCADA decoy. This case is a great example of how thinking outside the conventional security box can lead to significant victories against cyber threats.
At Labyrinth Security Solutions, we remain committed to pioneering innovative security solutions that keep our clients one step ahead of attackers, safeguarding their critical information assets in an ever-evolving digital landscape.
About the author
Anastasiia Dorosh is Cybersecurity Implementation Team Lead at Labyrinth Security Solutions, responsible for, among other things, implementing the Labyrinth Deception Platform in test and production installations. Before joining Labyrinth, Anastasia worked as NOC and DevOps engineer in tech companies.