ISSA, Capture the Flag, and Deception
By: Carolyn Crandall
Last week, Attivo Networks participated in The Information Systems Security Association (ISSA)® event in San Diego, CA. With the theme of “the Digital Danger Zone,” the conference focused on topics ranging from incident response to application security to business skills for the information security professional. Apart from educational forums, publications, and peer interaction opportunities, ISSA hosted a capture the flag (CTF) event, which is always a fun way to test one’s practical information security knowledge. This year, Attivo participated in the CTF as well as a speaking session, Cybersecurity of Interbank Messaging and Wholesale Payment Networks.
Capture the Flag
The CTF is a competition designed to test a person’s information security knowledge and ability to apply offensive and defensive security techniques to either attack or defend an object. These competitions distill major disciplines of professional computer security work into short, objectively measurable exercises.
This year, the CTF came with a twist: Attivo Networks added deception into the CTF environment to test if a deployment of decoys, lures, and bait would pass the scrutiny of the participating teams. An Attivo BOTsink appliance was deployed into the CTF environment with several deceptive assets including fake flags, decoy accounts, and decoy services. These deceptive assets look identical to the production assets in the environment and act as traps for attackers who attempt lateral movement or stolen-credential attacks in the network.
The outcome was not surprising: the teams that interacted with the decoys could not identify them as decoys through engagement alone. The BOTsink solution recorded all of the attacker activity as the teams interacted with the decoys throughout the exercise, including reconnaissance activity, access attempts, operating systems, MAC addresses, host names, services targeted, accounts they used to access decoys, and more.
The results of the CTF exercise act as a strong validation of the ability of the Attivo Networks deception platform to not only deceive attackers into revealing themselves, but also capture detailed attack forensics that allow security teams to understand attacks and accelerate their incident response process.
This year we were fortunate to present twice. The first was a presentation by our Chief Marketing Officer, Carolyn Crandall. Her presentation, titled Deception in the Digital Danger Zone, focused on the role of deception technology in the “Digital Danger Zone,” why current security controls aren’t stopping breaches, and why organizations need deception technology to detect in-network threats and accelerate incident response. In addition to educating attendees about the latest in deception tech, Carolyn’s presentation served as an introduction to Tarah Wheeler, the keynote speaker and lead author of the 2016 best-selling “Women in Tech: Take Your Career to The Next Level With Practical Advice And Inspiring Stories.”
The second presentation was an ISSA speaking session and discussed defending banking-related financial messaging (the SWIFT Interbank Financial communications network) and Point-of-Sale (POS) systems from breaches using deception in a talk titled, Cybersecurity of Interbank Messaging and Wholesale Payment Networks.
Discussing the numerous breaches that have affected both SWIFT and POS systems, I highlighted deception technology as an ideal solution for detecting criminals as they attempt cyberattacks in order to commit fraud. Additionally, the talk covered how organizations equipped with the Attivo Networks ThreatDefend Platform are able to detect when attackers breach a network to plant malware on SWIFT software to send fraudulent transactions and steal money, or when they attempt to infect the POS infrastructure of a retail entity after bypassing perimeter controls. If your organization is a financial or retail organization, you should consider evaluating the ThreatDefend platform as a solution to help defend your internal network.
The International Conference was an important collaboration between ISSA and Attivo Networks. Not only did our sponsorship of the CTF event add an interesting and challenging hurdle for the participants, but the results also proved a strong validation of the ThreatDefend platform. In the theme of “the Digital Danger Zone,” Cybersecurity of Interbank Messaging and Wholesale Payment Networks reminded participants of the dangers facing SWIFT software and POS systems, and discussed how deception technology helps to mitigate those risks.
Thank you to all who stopped by our booth! See you next year!