Deception: Luxury Item or a Life Saver for your Organization?
Written by: Juan Carlos – Regional Sales Manager
Recently we had the privilege of having Carolyn Crandall, Chief Deception Officer and CMO at Attivo Networks, in the city of Monterrey, NL, in Mexico, to give a couple of presentations on the value of deception technology.
The first was held in the incredible ALFA Planetarium. Her presentation was directed to CISOs, security managers and IT professionals responsible for innovating their cybersecurity architectures. Carolyn’s presentation focused on the increasing interest in deception-based threat detection and its entrance into the mainstream as a primary detection control for lateral movement and insider threats. Carolyn highlighted findings from the 2019 EMA report, “A Definitive Guide to Deception Technology”: users of deception have reported great confidence in being able to quickly detect threats and state that dwell time is reduced by more than 91% compared to non-users. Let us not lose sight of the fact that Mandiant’s latest trend report indicates that the global average dwell time is 78 days, which exemplifies the lack of controls in organizations’ tool kits for early and proactive detection of threats.
One of the misconceptions about deception is that only network-level traps are required for basic detection. However, not all deception technologies are created equal. A comprehensive deception solution will turn the network into an authentic minefield. This requires high-interaction traps that delay the attackers’ activity; decoys that attract attackers and whose events can be monitored; the ability to identify reconnaissance activity against Active Directory objects, such as that performed with tools like BloodHound (without installing anything in the directory); diversion into a deception mesh that yields threat intelligence and in-depth telemetry for the analyst; and automation to reduce response time from hours to minutes.
The analogy is simple: assets are required to become “wolves in sheep’s clothing” that respond to any suspicious activity before a breach is successfully completed, backed by a surface of authentic traps that are dynamically updated.
According to Gartner, automation is a priority today. For deception solutions, this means being able to automatically assist in the eradication of a threat when ransomware or credential theft is detected, or when something attempts to exploit a non-active port on your computer, which is completely suspicious. Isolating the source of the attack, either at the traps or through an integration with your firewall, NAC or EDR solution, is something you can achieve in seconds.
When talking about visibility, Carolyn listed 4 key factors for attendees:
- Know where your assets are
- Understand the routes and attack techniques
- Implement internal visibility mechanisms
- Apply deceptive and asymmetric defensive technology that changes the position of the defender.
The approach is becoming a real lifesaver rather than a luxury item according to analysts.
Carolyn concluded that organizations that need to compare deception solutions should look to the recent Gartner and Cyber Source Data Wellington Research reports that identify some of the fundamental criteria associated with each vendor. We implore companies to do their research and draw conclusions that are most aligned with the needs of their organization.
Trends and Priorities of the CIO 2019 with an Eye on Security
At the second conference held before CIOs, Directors & IT Managers and members of AMPI the Industrial Club of the City of Monterrey, Carolyn shared that 78% of CIOs say that they are in constant communication with “the board”.
The role of a CIO is maturing with responsibilities that change from functional to transitory and strategic. CIOs are increasingly strategic, as they are authorized to identify new revenue opportunities and operational initiatives. Technological investments are also increasing as the CIO assumes the creation of new revenue-generating initiatives, new operating models and acquires more general responsibilities, as the management of rapid digital transformation and the increase in security risks are determining many of the most critical priorities of a CIO.
Carolyn said that among the priorities for this year are:
- Improve the protection of sensitive and confidential data of organizations.
- Increase security awareness programs and staff training.
- Update the security of data and information technologies to increase corporate resilience.
The audience heard that, in the face of this digital transformation boom, it is important to innovate security mechanisms and controls so that they improve risk management posture to meet future demands. One of these, in particular, is linked to visibility and network detection on all types of surface (network, cloud, data centers, IoT / OT environments, etc.). Regardless of the type of surface or device, a universal detection mechanism is required.
During this same session, our business partner Protectia presented the results of the latest Verizon report compared with the opinions of the attendees, which was very interesting since it showed that the figures and metrics presented globally differ in many cases from what our region experiences.
Regardless of whether you are a CIO or a CISO, the objective today is clear: it is necessary to reduce the dwell times of advanced cyber attackers and respond as early as possible to trivial activities such as the reconnaissance phase or when ransomware begins to spread in its initial phase.
Attivo Networks deeply thanks the attendees of both forums and, of course, the collaboration of the team coordinated by Bernardo Treviño, General Director of Gartner and President of AMPI in his Chapter in Monterrey, and the entire team of our business partner Protectia, led by David Hernández, who did an arduous job to make these events a success.
Together we do GREAT things!
1) New Cyber Research Records a 91% Reduction in Dwell Time for Users of Deception Technology: https://attivonetworks.com/new-cyber-research-records-a-91-reduction-in-dwell-time-for-users-of-deception-technology/
2) Solution Comparison for Six Threat Deception Platforms: https://www.gartner.com/doc/3939890
3) Webinar (10/24) – Deception Imperatives and Vendor Comparison Spotlight: https://www.brighttalk.com/webcast/17319/371988/deception-imperatives-and-vendor-comparison-spotlight