Active Defense and the Quest to Outsmart Hackers
Fighting cybercrime is growing more expensive. Perpetrating it has never been so easy. How active defense could restore a modicum of symmetry to the cybersecurity field.
Imagine you helped roll out a comprehensive enterprise IoT network, and afterward your firm fell victim to a string of cyberattacks. More troubling, you detected a sizable number of unauthorized individuals who had breached the firm’s IoT devices. They are now lurking throughout your network, but you don’t yet know who they are or how long they’ve been there. Are they disgruntled employees? Competitors looking to steal intellectual property? Elite and possibly state-sponsored black hats doing reconnaissance or prepping for an attack? A combination of all of the above? Whatever the case may be, IBM-sponsored research from the Ponemon Institute indicates that organizations with sizable IoT deployments tend to suffer more financially damaging breaches than those without.
But instead of panicking, what if you responded to this situation with a little bit of schadenfreude, gleefully telling yourself: ‘I’m going hacker hunting!’ You’re not going to do something potentially illegal like hacking back, that is, breaking into the computers the attackers used against your network. But you are going to deceive them, and you are going to set traps and lures for them: decoy systems, decoy credentials and decoy data that no legitimate user has any reason to touch, so that any use of them is a signal. Along the way, you aim to get a more precise sense of what they are after and how far along their attack is. Most importantly, you have a plan for finding them and getting them off your network, much more quickly than you would have otherwise.
Welcome to the world of active defense, which EY defines as “a deliberately planned and continuously executed campaign to identify and eradicate hidden attackers and defeat likely threat scenarios targeting your most critical assets.”
The idea of active defense is gaining traction in the enterprise, with the exception of so-called “hacking back,” which remains controversial. Gartner, in its Continuous Adaptive Risk and Trust Assessment model, recommends deceiving intruders and leveraging machine learning to help spot the bad guys and the data they are looking for. McKinsey has embraced the idea of active defense as essential in the era of advanced cyberthreats. And the Department of Homeland Security is offering active defense tools to the private sector.
Carolyn Crandall, whose de facto title at Attivo Networks is chief deception officer, is also a fan of the concept. “One of the things that I love about deception technologies is that you’re using some of the attackers’ own tactics against them,” she said. “Their whole thing is to come in and act like an employee, using employees’ credentials to navigate. Well, what if you turn that against them, and you make it so they can’t tell what’s real and what’s fake? And they get caught in their own web of lies?”
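The lure described above, planted credentials that look real but have no legitimate use, is the simplest form of the deception Crandall talks about. The following is an added example, not code from the article, from Attivo Networks or from any vendor. It assumes a constructed syslog-like authentication log format, and the decoy account names, hostnames and IP addresses in it are illustrative. Any authentication attempt with a decoy account, successful or not, is flagged, and the alerts are pivoted by source address so responders can see which hosts the intruder is operating from.

```python
"""Decoy-credential (honeytoken) detection over authentication logs.

Added example, not from the article or any product. The log format, account
names, hosts and addresses below are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set

# Decoy accounts seeded into places an intruder harvests credentials from
# (directory, config files, browser password stores, scripts). They have no
# legitimate use, so any attempt to authenticate with them is high-confidence.
# Illustrative names: an assumption, not from the article.
DECOY_ACCOUNTS: Set[str] = {"svc_backup_legacy", "admin_dr", "sql_ro_reporting"}

# Constructed format: "<ts> <host> auth: user=<u> src=<ip> result=<success|failure>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>\w+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    host: str
    user: str
    src: str
    result: str


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one auth log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def detect_decoy_use(lines: Iterable[str], decoys: Set[str] = DECOY_ACCOUNTS) -> List[Alert]:
    """Flag every authentication event, failed or successful, for a decoy account.

    Failures count too: a decoy may be seeded with a deliberately wrong password,
    and the attempt itself proves the credential was harvested.
    """
    alerts: List[Alert] = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # unparseable line; in production, count and report these
        if ev["user"] in decoys:
            alerts.append(Alert(**ev))
    return alerts


def pivot_sources(alerts: Iterable[Alert]) -> Dict[str, List[str]]:
    """Group decoy-use alerts by source address -> sorted list of targeted hosts."""
    by_src: Dict[str, Set[str]] = {}
    for a in alerts:
        by_src.setdefault(a.src, set()).add(a.host)
    return {src: sorted(hosts) for src, hosts in by_src.items()}


# Constructed sample log: one intruder at 10.20.1.15 tries two decoys on two hosts.
SAMPLE_LOG = """
2024-03-02T01:14:07Z fileserver01 auth: user=jsmith src=10.20.1.15 result=success
2024-03-02T01:14:22Z fileserver01 auth: user=svc_backup_legacy src=10.20.1.15 result=failure
2024-03-02T01:14:25Z fileserver01 auth: user=svc_backup_legacy src=10.20.1.15 result=success
2024-03-02T01:16:40Z dbserver02 auth: user=sql_ro_reporting src=10.20.1.15 result=success
2024-03-02T01:17:01Z hr-app auth: user=mlee src=10.20.3.77 result=success
this line is garbage
"""


if __name__ == "__main__":
    found = detect_decoy_use(SAMPLE_LOG.strip().splitlines())
    for a in found:
        print(f"DECOY USED: {a.user} on {a.host} from {a.src} ({a.result}) at {a.ts}")
    print("sources to investigate:", pivot_sources(found))
```

The value of this signal comes from the decoys being indistinguishable from real accounts in the places attackers look, and from the alert being routed to people who will act on it; the detection itself is deliberately trivial, which is what makes it hard for an intruder to evade.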