Early Identification of In-Network Attacks with Deception Technology

By CIOReview | Wednesday, July 24, 2019

Organizations are now moving towards identifying and reacting to threats, with the help of specialized technology.

FREMONT, CA: Financial services firms are rediscovering a very efficient defense method, deception technology, which is much easier to use than before. In deception technology, a company sets up a false set of information, technically known as a honeypot, on a separate network. Cybersecurity experts can then detect, monitor, and protect against an attack without affecting any real information. Deception technology is nothing less than a paradigm shift. It can also be comparatively simple, such as deploying text in the network that appeals to attackers and prompts them to follow false leads.

Rapid detection with minimal or zero false positives is the main advantage of deception technology. The decoy network lures the attackers. This does not ensure that other intruders do not exist, so deception technology is not a substitute for additional security controls. Nevertheless, good deception will detect and control the intruder before any harm is done.

Once identified, the intruder can be captured and controlled, and expelled at will. Inside a virtual hall of mirrors, security teams can choose to deceive and delay adversaries, keeping them away from production assets. This enables the defenders to extract indicators of compromise for intelligence sharing and, perhaps more importantly, to use forensics to discover and remedy the original entry point. This is proactive defense: remediation that can be carried out before exfiltration.

Since the technology relies on detecting presence rather than on known signatures or known behaviors, it will detect all types of intrusions, whether by a cybercriminal, a contractor doing more than the agreement specifies, or even an employee seeking data about an upcoming merger or acquisition. Detection brings with it a tremendous quantity of collected data, attack analysis, and correlation. Deception simplifies and automates these processes to ensure that the attack is stopped, purged, and prevented from returning.

Deception turns the tables on attackers by offering organizations a pragmatic defense intended to derail attacks early and to increase the complexity and cost of an attack. Highly sophisticated decoys and lures are designed to misdirect attackers, revealing their presence rapidly and giving defenders the chance to collect advanced forensics.