Written by: Mike Parkin, Technical Marketing Engineer – I had the opportunity to attend InfoSecurity Mexico 2019 in Mexico City, and it gave me a new firsthand perspective on the information security landscape in the Latin America market. The fact that I only speak a little Spanish, and do it poorly, was something of a handicap, but there were still some very rewarding conversations with IT and InfoSec professionals whose English was far better than my limited Spanish.
Each country has its own regulatory paradigms and cultural concerns, but the technical challenges are common for us all. It doesn’t really matter where in the world we are. Attackers are always trying to get past our defenses and reach targets somewhere in our environment. It doesn’t matter whether you are a small startup or non-profit with only a handful of people or a multi-national business with staff scattered across multiple countries on several continents.
We are all targets.
How organizations deal with these challenges has been evolving and needs to continue to evolve as adversaries find new ways of attacking or resurface old techniques. Deception technology is part of that defensive evolution. Using deception inside the network to obfuscate and confuse the attack surface is what we do with the ThreatDefend platform, and it has become an accepted technique within the defense stack. Though one thing I noticed while talking to people at InfoSec Mexico, albeit in a limited number of conversations, was that deception as a defense, and deception technology as a tool, didn’t appear to be as well-known as it was at the events I’ve attended here in the States.
While deception as a concept isn’t new, doing it at scale is. Where research projects have existed for a while, commercial grade deception is still a recent addition to the security stack. For example, Attivo Networks introduced commercial grade deception to the field in 2014, which is still relatively new. What is also new is how many organizations have embraced the technology in an effort to improve their security posture and keep their assets safe from the latest generation of attacks. The challenges with adopting the technology usually start with a lack of awareness, followed by the idea that Deception is a “nice to have” addition to an organization’s security stack, rather than the valuable multi-faceted tool that it really is.
When I’ve asked, “are you familiar with deception technology?” at various events, the answer can vary from “yes,” to asking whether I’m talking about honeypots, to the occasional “no, what’s deception technology?” People living it as practitioners, analysts, IR folks, etc., are often familiar with it and want to know more in detail, but as you get further from the day to day world of information security familiarity tapers off. This is really no surprise, as IT and network folks often don’t have the exposure or the need to be familiar with what’s cutting edge in the information security space. It can even depend on the venue, as different regions can favor different techniques.
The answer to that question determines where I take the conversation from there, whether it is going into how effective the technology can be at stopping advanced threats or explaining how the concepts represented by early honeypots have evolved into the modern security solutions we have now. When the answer is no, I have the opportunity to get right to the core of deception for defense and educate people about techniques and technologies that they may not have been exposed to before.
At this event, even with a small sample and my limited Spanish, I had the opportunity to talk about deception technology with folks from across the range. Deception is a concept that people can inherently understand. Information security professionals anywhere in the world know that we are all targets, that conventional security measures aren’t enough against the latest generation of threats, and that deception can be the game changer that gives them the edge.