Written by: Mackenzie Blaisdell, Content Marketing Manager – Last week, OODA Loop published an article on why “Deception Needs to be an Essential Element of Your Cyber Defense Strategy” while looking into in-demand, risk-mitigating cybersecurity technologies. It is not a surprise, as we have seen over the last few years the infosec community take a keen interest in deception technology for its ability to solve difficult problems that other security controls are not, such as its ability to drastically reduce dwell time and detect any type of attack across networks of any kind.
Recent research indicates a surge in interest around deception. According to the world’s largest technology media company, IDG, deception technology is the second most searched security solution from last year with over 40% of organizations actively researching it. And as stated by Gartner Analyst, Gorka Sadowksi, organizations should seriously look into deception as the first line of detection in the detection stack, as it’s:
- Simple, inexpensive, and it works
- The only alternative to super-expensive big data analytics
- An excellent option for systems not capable of generating telemetry and logs like SCADA and medical devices
- Has the best signal to noise ratio of any security technology
- A powerful IOC generator for threat hunting
So why the sudden interest in deception? Organizations are realizing that integrating this technology into their security stacks is a lot easier than they thought. Early honeypot technology was difficult and tedious to deploy, resource-intensive to maintain, and required highly skilled operators to interpret their results and rebuild after attacker engagement.
Modern-day deception is simple to use, requiring no additional operational overhead and taking much less time and effort to deploy. The solution integrates seamlessly into orchestration, SIEM, and traditional detection and response technologies, while increasing the ROI on these preexisting investments.
Organizations are no longer safe to assume that their prevention systems are 100% effective in keeping attackers out. 2019 is on track to be the worst year on record for breach activity. Compared to the midyear of 2018, the number of reported breaches and exposed records are up over 50%. As a result, organizations across the board are shifting their approach to an assumed breach position and are looking for tools that will provide visibility supported by actionable and substantiated alerts to quickly detect, isolate, and defend against cyberattacks from all threat vectors. Uses high-interaction decoys and endpoint, server, and application deception lures placed ubiquitously across the network, threat actors get tricked into revealing themselves.
Regardless of sector, deception technology can play a significant role in any cyber defense strategy. It is essential for corporations to continue to take steps to understand how attackers see them and implement tools that offer insight into what goals adversaries have in targeting your network and systems. Check out the original article for the different ways one can use deception for cyber defense from interfering with attacker intelligence, surveillance, and reconnaissance to disrupting attacker decisions and actions.