Deception technology: a modern method of defending against attacks
09 Jul
Author: Oleg Poligenko, Chief Information Security Officer (CISO) at Nova Digital (Nova Group)
In today's threat landscape, traditional methods of data protection are becoming less effective on their own. One of the innovative technologies gaining popularity is Deception, which can be explained literally as "trickery".
What is Deception?
Deception is a technique that misleads attackers by creating the illusion of real systems: servers, databases, user accounts, and even whole network segments. The goal is to lure attackers into interacting with these fictitious resources, which no legitimate user has any reason to touch, so that defenders can detect and respond to an intrusion at the moment a decoy is probed.
These traps can be active or passive. Active traps interact with attackers, collecting information about their methods and intentions; passive traps only notify security systems when a fictitious resource is accessed.
How does Deception work?
Creating assets: The first step is to create false assets that look like real assets but have no production role, so that no legitimate process or user depends on them. These assets can be placed at different levels of the network and mimic real resources.
Decoy deployment: False assets are placed where attackers will find them. This can include fake files, folders, user accounts, and other resources that attackers typically look for. Deploying a variety of decoy types across the network also increases the chance of catching an attacker's interest and increases the time the attacker must spend collecting and analyzing information about the infrastructure.
Monitoring and response: Once traps are placed, security systems actively monitor them for access attempts. Because no legitimate activity touches a decoy, any interaction is treated as suspicious; security systems can then alert, collect information about the attacker's actions and, where the integration allows it, automatically block the source.
Analysis and improvement: The collected data is analyzed to identify new attack methods and improve defense mechanisms. This allows the level of security to be raised continuously and new threats to be countered more effectively.
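As an added example (not code from the article's author or from any deception product), the four steps above in Python: a decoy inventory of hypothetical service accounts and file shares, a passive monitor that scans constructed log lines for any touch of a decoy, an analysis step that groups touches per source host, and a small active decoy bound to loopback that greets with a fake FTP banner and records what the client sends. The decoy names, the log line format, the banner and all addresses are assumptions made for the demo.

```python
# Added example (not Labyrinth's or the author's code): a minimal deception
# loop of deploy -> monitor -> analyse. Decoy names, the log line format and
# all addresses are constructed for this demo.
import socket
import threading
from collections import defaultdict, namedtuple

# Steps 1-2: the decoy inventory. Nothing legitimate ever uses these names,
# so any logon or share access that names them is a high-fidelity signal.
DECOY_ACCOUNTS = {"svc_backup_admin", "sql_sa_legacy"}
DECOY_SHARES = {r"\\fs01\finance_archive", r"\\fs01\hr_exports"}

# source = IP that touched the decoy, decoy = account or UNC path, raw = log line
Alert = namedtuple("Alert", "source decoy kind raw")

def monitor_auth_log(lines):
    """Step 3, passive trap: flag every log line that references a decoy.
    Constructed formats: '<ts> <ip> LOGON user=<n> result=<r>' and
    '<ts> <ip> SHARE path=<unc> user=<n>'."""
    alerts = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        src, event = parts[1], parts[2]
        kv = dict(p.split("=", 1) for p in parts[3:] if "=" in p)
        if kv.get("user") in DECOY_ACCOUNTS:
            alerts.append(Alert(src, kv["user"], "account", line))
        if event == "SHARE" and kv.get("path") in DECOY_SHARES:
            alerts.append(Alert(src, kv["path"], "share", line))
    return alerts

def analyse(alerts):
    """Step 4: decoys touched per source. One host walking several distinct
    decoys is almost certainly in a reconnaissance phase."""
    touched = defaultdict(set)
    for a in alerts:
        touched[a.source].add(a.decoy)
    return {src: sorted(names) for src, names in touched.items()}

class ActiveDecoy:
    """Step 3, active trap: a throwaway listener that sends a fake FTP banner
    and records the first bytes the client sends. Loopback only in this demo."""

    def __init__(self, banner=b"220 ftp.corp.example FTP server ready\r\n"):
        self.banner = banner
        self.captured = []                 # (client_ip, first_bytes) pairs
        self._srv = socket.socket()
        self._srv.bind(("127.0.0.1", 0))   # OS picks a free port
        self._srv.listen(5)
        self._srv.settimeout(0.2)          # so the loop notices stop()
        self.port = self._srv.getsockname()[1]
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, addr = self._srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.settimeout(1.0)
                conn.sendall(self.banner)
                try:
                    data = conn.recv(256)
                except socket.timeout:
                    data = b""
                self.captured.append((addr[0], data))

    def stop(self):
        self._stop.set()
        self._thread.join()
        self._srv.close()

def demo_passive():
    # Constructed log: one host probes two decoy accounts and a decoy share.
    log = [
        "2024-07-09T10:00:01 10.0.0.5 LOGON user=alice result=ok",
        "2024-07-09T10:00:07 10.0.0.99 LOGON user=svc_backup_admin result=fail",
        "2024-07-09T10:00:09 10.0.0.99 SHARE path=\\\\fs01\\finance_archive user=svc_backup_admin",
        "2024-07-09T10:00:12 10.0.0.99 LOGON user=sql_sa_legacy result=fail",
        "2024-07-09T10:01:00 10.0.0.7 SHARE path=\\\\fs01\\public user=bob",
    ]
    return analyse(monitor_auth_log(log))

def demo_active():
    # Play the attacker: connect, read the banner, send one command, leave.
    decoy = ActiveDecoy()
    try:
        with socket.create_connection(("127.0.0.1", decoy.port), timeout=2) as c:
            banner = c.recv(256)
            c.sendall(b"USER anonymous\r\n")
    finally:
        decoy.stop()   # joins the listener thread, so the capture is complete
    return banner, decoy.captured
```

In the constructed log only 10.0.0.99 ever names a decoy, and it names three different ones within seconds, which is exactly the reconnaissance pattern the passive trap is meant to surface; alice and bob touch real resources and produce nothing. The active decoy adds what a passive one cannot: the banner keeps the attacker talking, so the first command they send is captured for the investigator.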
Deception advantages:
Detection of hidden threats. One of the main advantages of Deception is its ability to detect threats that traditional security methods may miss. False assets can be used to detect attackers who have already infiltrated the network and are in the reconnaissance phase.
Reducing the number of false-positive alerts. Some security systems generate a large number of false-positive alerts, which makes it harder for cybersecurity teams to detect and respond. Deception helps to reduce the number of such alerts because false assets are designed to be touched only by intruders, never by normal user activity.
Securing critical assets. With deception, attackers can be directed to false targets, distracting them from critical assets. This buys time to detect and neutralize threats before they cause damage.
Data collection on attack methods. Deception allows valuable information to be collected about the methods and tools used by attackers. This makes it possible to better understand their actions and to improve defense mechanisms against new threats.
Improving overall security. Implementing Deception helps to create a multi-level protection system that includes various methods of detecting and responding to threats, making the overall cybersecurity system more resilient and effective.
“Thus, Deception technology is a powerful tool in the fight against cyber threats. It complements traditional security methods, providing a new level of security and allowing for early detection of attacks. By investing in deception, companies can significantly improve their cyber defense and ensure the security of their data and infrastructure.” - Oleg Poligenko
One of the products that provides all the above-mentioned benefits of using deception tools in practice is the Labyrinth Deception Platform. This virtual machine-based solution is quick to implement and easy to scale. A wide range of different out-of-the-box traps includes not only IT system simulations, but also IoT and OT/SCADA traps. Most of the simulations are active, which not only allows you to receive notifications of attempts to illegitimately access the network, but also significantly increases the time and effort that attackers spend collecting and analyzing information about the IT infrastructure. It is also possible to customize and create your own types of traps for the best possible disguise.
Worth singling out is the Universal Web Point decoy type, an active imitation of web resources with deliberately added vulnerabilities. Fictitious Universal Web Point web interfaces are created in minutes, are designed to be indistinguishable from real ones, and contain additional vulnerabilities that lure attackers into the trap.
The platform's interface is simple and intuitive, with event information presented both in tabular form and as a map of interactions, which greatly simplifies incident investigation. Built-in integrations with SIEM, EDR, and NGFW tools make it easy to fit Deception into an enterprise's existing cybersecurity stack.