Deception networks: Reducing alert fatigue and increasing security through an alternate reality
The most concerning revelation to come out of the security industry over the past couple of years isn’t the Mirai botnet, nor the hacks of Verizon, Yahoo! (before the acquisition), or the Democratic National Committee (DNC), or even the infamous Jeep hack. Instead, it came from security company FireEye’s June 2016 Mandiant M-Trends Report, in which it was revealed that the average time between compromise and detection of a cyberattack is 146 days.
While this number is unnerving for enterprises of any kind, it’s particularly disconcerting for industrial and Internet of Things (IoT) companies that deal in sensitive and/or safety-critical products. 146 days is nearly five months, almost half a year in which advanced persistent threats can siphon sensitive intellectual property (IP) or customer data, propagate into critical systems, and, potentially, do serious physical damage.