Deception technology is no longer considered an overly complex cybersecurity solution designed only for the largest enterprises with infinite financial and operational resources. Deception is being adopted more broadly by companies of all sizes and industries and is now recognized as a mature, scalable and standard security control. CISOs know that they need to rationalize where their dollars are being spent, and they must invest wisely in proven technology that can deliver a reasonably quick and measurable ROI. With data breaches continuing to occur at unprecedented rates, it’s clear that a prevention-only defense is no longer sufficient for the modern enterprise. Threat actors are going to get access to corporate networks, and the faster, more accurately and more efficiently attackers can be detected, the greater the likelihood they can be shut down before exfiltrating critical data.
Still, a question remains about deception technology’s applicability to cyberdefense. There are many answers to this question. The most pertinent one is that it allows defenders to shrink adversary “dwell time” inside their own environment. Let’s talk about deception for a moment before digging into how it can reduce dwell time.
Deception has been used for millennia to win major battles. There was the mythical Trojan horse packed full of soldiers who took over the city in the middle of the night after everyone was asleep. Alexander the Great used deception to beat Porus in a battle by tricking him into thinking he was not crossing a river when in reality, he did cross the river. Genghis Khan deceived his enemies into thinking he was retreating. Surprise! It was a trap. There are many other historical cases where deception was utilized to secure a victory in battle.
Beyond warfare, use of deception is also prevalent in most sports—teams build an offensive strategy to fool the other side into setting up in the wrong defensive scheme so they can get around them and score.
Today, midsize and large enterprises are connected to the internet from locations around the globe. CISOs mostly agree that they are frequently under attack, and they acknowledge that attackers will find a way into their networks. These battles, though, increasingly are taking place not on a battlefield or playing field but in the enterprise, which is essentially a CISO’s home turf. Deception allows defenders to utilize that home-field advantage to slow, disrupt, deter and, most importantly, quickly identify the attacker inside the enterprise.
How a Deception Technology Playbook Works
Dwell time, the duration a threat actor has undetected access in a network until it’s completely removed, remains a major security issue today. Globally, time to discovery increased to 101 days in 2017 from 99 days in 2016 (FireEye/Mandiant’s 2018 M-Trends report), and it can be considerably longer in many regions. Clearly, adversaries are afforded too much time to move around inside the enterprise once they’ve breached it. Among the major home-field advantages that deception technology provides is that it enables the security defender to quickly identify attackers or policy violations, close the detection gap and shrink dwell time by rapidly detecting the growing number of in-network threats that other security controls miss. By simplifying and automating processes, it also reduces the mean time to remediation, another critical benefit…