How to build a better cybersecurity defense with deception technologies
This new cybersecurity defense mechanism proactively protects organizations and prevents attacks.
I discussed the topic of deception technologies with Tushar Kothari, CEO, Attivo Networks, a cybersecurity defense organization.
Scott Matteson: What exactly is deception technology? How does it close major gaps in cybersecurity detection?
Tushar Kothari: With emerging attack surfaces and increasing attacker sophistication, traditional security controls have proven they are no longer sufficient to prevent all attackers from getting in. As a result, some of the biggest challenges facing security teams today include greater dwell times, slow remediation times, and the shortage of high-skilled staff.
Deception technology addresses these key challenges with early and accurate detection coupled with automation to accelerate incident response. The solution tricks threat actors into revealing their presence with authentic, high-interaction decoys that blend seamlessly into the production environment. As soon as an attacker attempts to scan the network, steal credentials, or move laterally, the deception platform raises a high-fidelity alert, reducing dwell times. From there, defenders can remediate or safely let the attack play out and collect company-specific threat intelligence to strengthen their defenses.
Deception platforms can provide automated repeatable playbooks for a consistent response process, helping alleviate personnel or skill shortages. Altogether, these features shift the balance of power into the defender’s hands and dramatically reduce the time it takes to detect and respond to attackers.
Scott Matteson: What are the current challenges with deception technologies?
Tushar Kothari: A common misconception we hear about deception technology is that it is challenging to deploy and manage. This issue may have been true with older deception technologies like traditional honeypots and honeynets, but today’s commercial deception technology comes with features that make for efficient implementation and operations.
While deception technology of old could take weeks to set up and deploy, machine learning makes deployment simple by proposing decoys and deceptive credentials that match the production environment.
Organizations can deploy a modern deception platform in less than one hour and easily configure it to suit their needs while leveraging a central dashboard for easy management and streamlined operations. The flexibility offered by modern deception technology arms organizations of all sizes to build a proactive defense.
How to be more proactive
Scott Matteson: Regarding the evolution of cybersecurity strategies – how can we be more proactive in our “perimeter-less” society?
Tushar Kothari: One way to be more proactive is to assume the attacker will get in, and plan a defensive strategy that leverages the entire network to detect them early, while gathering adversary intelligence to better defend against future attacks. In the perimeter-less society that we find ourselves in, with the rapid adoption of cloud infrastructure and ubiquitous global access, traditional security can’t scale to keep up with where organizations now operate.
Add to this the growing number of connected devices such as Internet of Things (IoT), and security teams now struggle to cover the organization’s expanded attack surface. Defenders can no longer rely on traditional solutions that attackers have proven they can regularly bypass and should focus instead on a proactive defense that leverages fast and accurate detection coupled with rapid response and relevant intelligence.
Bad actors have far too much time to plan and execute their attacks while remaining undetected. Breakout time averages 4.5 hours, underscoring the importance of detecting an adversary quickly.
Conversely, even when defenders successfully disrupt attacks, they often gather little useful data to remediate the attack fully and protect themselves should the attacker return. This lack of adversary intelligence makes it very difficult (if not impossible) to verify that defenders have removed the attacker’s foothold within the network or prepare for subsequent attacks.
Organizations must detect threats early, react quickly, and collect the company-specific intelligence needed to defend themselves. As in the physical world of offense and defense, understanding adversaries is critical for any organization to prevent and counter their potential actions.
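The detection logic Kothari describes above, where decoy hosts and deceptive credentials are seeded so that no legitimate process ever touches them and any touch is therefore a high-fidelity alert, as an added Python example that is not part of the article or of any vendor's product; the decoy names, addresses and log lines are constructed, and the summary per source host is one way to feed a response playbook.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed decoy inventory (hypothetical names): deceptive credentials and
# decoy hosts planted in the environment. Nothing legitimate uses them, so any
# scan, logon or credential use involving them is treated as attacker activity.
DECOY_ACCOUNTS = {"svc_backup_old", "adm_finance2"}
DECOY_HOSTS = {"10.10.5.200", "10.10.5.201"}

# Constructed sample events: timestamp, event kind, source, destination, user.
SAMPLE_LOG = """\
2024-03-01T08:00:12Z AUTH src=10.10.1.15 dst=10.10.1.5 user=alice result=success
2024-03-01T08:03:44Z SCAN src=10.10.1.15 dst=10.10.5.200 port=445
2024-03-01T08:04:02Z AUTH src=10.10.1.15 dst=10.10.5.200 user=svc_backup_old result=failure
2024-03-01T08:05:10Z AUTH src=10.10.1.15 dst=10.10.2.9 user=svc_backup_old result=failure
2024-03-01T08:07:30Z AUTH src=10.10.1.22 dst=10.10.1.5 user=bob result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<kind>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+)(?: user=(?P<user>\S+))?"
)

@dataclass
class Alert:
    ts: datetime
    src: str      # host the activity came from: the attacker's foothold
    reason: str

def parse(line):
    """Parse one constructed event line; return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
    return ev

def detect(log_text):
    """Raise an alert for every event that touches a decoy host or decoy credential."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        if ev["dst"] in DECOY_HOSTS:
            alerts.append(Alert(ev["ts"], ev["src"], f"{ev['kind'].lower()} against decoy host {ev['dst']}"))
        if ev.get("user") in DECOY_ACCOUNTS:
            alerts.append(Alert(ev["ts"], ev["src"], f"deceptive credential {ev['user']} used toward {ev['dst']}"))
    return alerts

def summarize(alerts):
    """Group alerts by source host: first sighting (start of known dwell), count, reasons."""
    by_src = {}
    for a in alerts:
        s = by_src.setdefault(a.src, {"first_seen": a.ts, "count": 0, "reasons": []})
        s["first_seen"] = min(s["first_seen"], a.ts)
        s["count"] += 1
        s["reasons"].append(a.reason)
    return by_src
```

Running `summarize(detect(SAMPLE_LOG))` attributes all four decoy touches to 10.10.1.15 with the scan at 08:03:44 as the first sighting, while the ordinary logons by alice and bob produce no alerts.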