IT security is a very specific part of Information Technology. Experience has taught us that no system can fully protect us. You can invest tens or even hundreds of thousands in various security systems and still have no guarantee of being completely secure. This is why I like to say that IT security is actually about lowering risk: by investing in different parts of the security chain, you lower the risk of a break-in or data theft.
In the last 12 months, deception technologies have become a strategic tool in many large organizations. Those organizations already had a wide range of tools in their security arsenal, which placed them before the following dilemma: do we replace, add to, or upgrade our existing security systems?
The answer is simple. Deception enhances the tools an organization already has: it offers critical intelligence about security threats inside the ecosystem, early detection of breaches, and high-precision warnings.
How does Deception work?
Deception adds a decoy layer to your infrastructure by generating false data and distributing decoy assets that act as bait. This layer defends against threats because only systems or people actively looking for something (or, in the case of a configuration problem, systems that were misdirected) ever come into contact with it.
If a threat inside the network is detected interacting with a decoy asset, and thereby threatening the real asset, it means the threat has bypassed all of your other security controls. This is why Deception forensics is a critical part of your threat awareness, helping you detect breaches early. From the moment the Deception system issues its first warning about a threat, you can decide whether further forensics is needed and how to organize your security experts to remove the threat.
Apart from feeding existing systems with information, Deception technologies also help when making security decisions. What should be done with the attacker? Should the threat be stopped, watched or reduced? How can the forensic data be used? Can you take the identified IoC (Indicator of Compromise) and find other assets in the infrastructure with the same infection profile? Can you freeze processes to stop the threat?
Finally, Deception forensics lets you strengthen your firewall infrastructure by blocking malicious IP addresses linked to the campaign. If an attacker has injected malicious code into your system in order to gain external access, that code can be analyzed and fed into your security systems to stop C&C (Command and Control) activity before the attack even begins. Likewise, you can change the credentials of a compromised account at the first sign of an alert. As you can see, Deception technologies build on classic, well-known tools from the security arsenal. Together they create an ecosystem that can defend itself against attacks you would otherwise overlook. One thing is for sure: there is no false marketing here. On the contrary, this is a simple yet practical concept within IT security.
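To make the mechanism described in the last few paragraphs concrete, here is an added example that is not part of the original article or of any vendor product: a small Python detector that runs over constructed log lines, raises an alert whenever a planted decoy account or decoy file is touched, and then pivots on the alerting source address, treated as the IoC, to list every other host that address reached. The decoy names, host names, addresses and the key=value log format are all assumptions made for the example.

```python
from collections import defaultdict
# Constructed sample log lines in a simple "ts key=value ..." format (not from any real product).
SAMPLE_LOGS = [
    "2024-03-01T09:12:01 host=fs01 event=smb_open user=jsmith src=10.0.5.21 path=\\\\fs01\\finance\\q1.xlsx",
    "2024-03-01T09:13:44 host=fs01 event=smb_open user=jsmith src=10.0.5.21 path=\\\\fs01\\finance\\budget.xlsx",
    "2024-03-01T09:20:10 host=dc01 event=logon user=svc_backup_old src=10.0.7.88 result=failure",
    "2024-03-01T09:20:15 host=fs01 event=smb_open user=svc_backup_old src=10.0.7.88 path=\\\\fs01\\it\\passwords.xlsx",
    "2024-03-01T09:21:02 host=app02 event=logon user=svc_backup_old src=10.0.7.88 result=success",
    "2024-03-01T09:25:30 host=dc01 event=logon user=mlee src=10.0.5.33 result=success",
]

# Decoy assets planted by the defender (hypothetical names). No legitimate user or job
# ever references them, so any touch is a high-precision alert rather than a statistical guess.
DECOY_ACCOUNTS = {"svc_backup_old"}
DECOY_PATHS = {"\\\\fs01\\it\\passwords.xlsx"}

def parse_line(line):
    # "ts key=value key=value ..." -> dict; the timestamp is stored under "ts".
    ts, _, rest = line.partition(" ")
    fields = {"ts": ts}
    for token in rest.split():
        key, _, value = token.partition("=")
        fields[key] = value
    return fields

def decoy_alerts(lines, decoy_accounts=DECOY_ACCOUNTS, decoy_paths=DECOY_PATHS):
    # One alert per event that used a decoy account or opened a decoy file.
    alerts = []
    for line in lines:
        ev = parse_line(line)
        reasons = []
        if ev.get("user") in decoy_accounts:
            reasons.append("decoy account used")
        if ev.get("path") in decoy_paths:
            reasons.append("decoy file opened")
        if reasons:
            alerts.append({"ts": ev["ts"], "host": ev.get("host"), "src": ev.get("src"),
                           "user": ev.get("user"), "reasons": reasons})
    return alerts

def pivot_on_iocs(lines, alerts):
    # Each alerting source IP is an IoC: list every host it touched (decoy or not) to find
    # other assets with the same infection profile; the keys double as firewall block candidates.
    iocs = {a["src"] for a in alerts}
    touched = defaultdict(set)
    for line in lines:
        ev = parse_line(line)
        if ev.get("src") in iocs:
            touched[ev["src"]].add(ev.get("host"))
    return {src: sorted(hosts) for src, hosts in touched.items()}
```

Legitimate activity (jsmith, mlee) produces no alert at all, which is the point of a decoy layer: the alert volume is driven only by whoever goes looking.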