As I pointed out in my previous story, “How Deception Technology Can Give Defense the Upper Hand in Cybersecurity,” deception-based cybersecurity systems allow defenders to play a much more proactive role when an attack is detected.
In this story, I’ll examine how an active defense strategy can be used to slow down, gather intelligence on, and ultimately outmaneuver an attacker. (For an in-depth explanation of deception-based cybersecurity technology, see “Active Defense: How Deception Has Changed Cybersecurity” on Early Adopter Research.)
But before we proceed, one key note of caution. Active defense is not about attacking adversaries. It is about detecting and derailing attacks early, gathering the intelligence needed to understand the attack, and stopping and preventing similar occurrences in the future.
Here’s what a company that employs an active defense faces when attacked:
- The company uses a deception-based cybersecurity system to put decoy data and attack points all over its IT landscape.
- An attacker gains access inside the perimeter of the network and is lured into accessing one of the decoys or the deception bait.
- At this point, an alert is raised and security analysts can make a choice: Shut down the attack or contain the attack within the deception environment and observe what the attacker does next through forensic analysis.
If the security analyst decides to go down the forensic analysis path, here are five ways to fight back.