Businesses are starting to recognize that it may be impossible to keep attackers completely out of their networks, so they are starting to look for ways of fighting them more efficiently.
One of the ways of doing this is to use decoys to lure attackers and allow the threat to be dealt with before it affects live systems. We spoke to Carolyn Crandall, chief deception officer at Attivo Networks, to find out more about how this deception technology works and what it can do.
BN: How common is the use of deception technology?
CC: Like Fight Club, the first rule of deception is that you don’t talk about deception, so it’s out there in a lot more places than people realise. We’ve seen a huge growth in the market in recent years.
BN: How does deception work?
CC: No game of strategy can be won without some form of deception and defensive measures. Many people today are waiting for an incident to happen and then reacting to it. Deception changes the game because it means we can be proactive and get a better understanding of the attack cycle. This lets us reel in an attack before it has the opportunity to really begin and in a way that isn’t reliant on signature, pattern matching and so on. There’s also no risk of false positives. If anybody touches the deception environment there’s no employee value to it, so you know it’s malicious.
The other problem with deterring adversaries is that it’s one thing to spot them, but if you don’t know anything about them it can be hard to ensure that any malware is properly removed from the network and that they can’t come back in. Deception provides adversary intelligence; we can determine where the attack starts and do a full attack analysis in sandbox environments so we can study the attacker and understand their tools, techniques and methods. We can also deliver decisive actions through integration with other systems to prevent an attack on live networks. Even if the attacker does compromise an Active Directory we can reset the attack surface to prevent re-entry.
BN: Is this something just for large enterprises or does it work for smaller companies too?
CC: About 35 percent of our business is with high-end enterprises; the rest is mid-market companies. Many businesses are now realizing that traditional approaches involving firewalls and anti-virus systems are not enough. The attackers are getting through; you can buy a cheap attack kit on the dark web and find a way to get into a small company, exploit a mistake in configuration, for example.
Deception is an easy and efficient way for even smaller organizations to operate. It is designed so that everything is easy and intuitive, and…