These days it’s not enough to try to keep cyber-thieves and online spies out of your company’s network — there’s a good chance they’re already in.
That’s the rationale behind “deception technology,” a sector of the cybersecurity business that grew out of the reality that no matter how good a firm’s “perimeter security” may be, a global army of extremely clever, morally compromised technologists is working diligently to break it.
The trick, according to Carolyn Crandall, the “chief deception officer” of Attivo Networks in Fremont, is to catch them once they’re inside. In cybersecurity parlance, this is known as “detection.”
“The premise of security was originally built on having a perimeter. Build your castle or your fortress and nobody can get in,” Crandall said. “And we know that that’s not realistic, if you look at the simple number of breaches that happen. The innovation that attackers are able to use is outpacing that of typical cybersecurity.”
Online attackers can be very sophisticated, and the longer they’re poking around inside a network — the average is 100 days — the more time they have to locate what they want to steal, then trick employees, suppliers or affiliates into providing login credentials to access that data, or find vulnerabilities that let them pilfer it directly, Crandall says.
So Attivo sets what it calls decoys, traps and lures. These are faked elements in a firm’s computer network and its contents that an attacker would see, virtually represented, once inside the network — like a server, router, desktop computer, data file, or maybe some login credentials in a web-browsing history. The elements look real to a cyber-intruder, but would never be accessed by anyone who is actually authorized to use the network. If a hidden malefactor exploring the system hits one of those elements, the attacker is exposed. The victim can then take appropriate security measures, and possibly contact law enforcement.
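The detection idea described above, as an added example that is not from the article or from Attivo's product: because no authorized user ever touches a decoy, any event that references one is an alert, and the source that triggered it can then be pivoted on to scope what else it did. The decoy names, the key=value log format, the timestamps and the addresses are all constructed assumptions.

```python
import shlex
from collections import defaultdict

# Constructed decoy inventory (hypothetical names): assets no authorized user ever touches.
DECOYS = {
    "host": {"fin-backup-02"},
    "file": {"/shares/hr/payroll_2017.xlsx"},
    "user": {"svc_sqladmin"},
}

# Constructed sample events in key=value form; not from a real product.
SAMPLE_LOG = """\
ts=2017-06-01T09:02:11 src=10.0.4.17 action=login user=alice host=mail-01
ts=2017-06-01T09:05:40 src=10.0.9.53 action=read file=/shares/eng/specs.pdf user=bob host=files-01
ts=2017-06-01T09:07:02 src=10.0.9.53 action=login user=svc_sqladmin host=db-03
ts=2017-06-01T09:09:30 src=10.0.9.53 action=connect host=fin-backup-02
ts=2017-06-01T09:12:45 src=10.0.4.17 action=read file=/shares/eng/specs.pdf user=alice host=files-01
"""

def parse_line(line):
    """Split one key=value log line into a dict."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def decoy_hits(event):
    """Return (kind, name) for every decoy the event references."""
    return [(k, event[k]) for k, names in DECOYS.items() if event.get(k) in names]

def find_intruders(log_text):
    """Map each source that touched a decoy to its hits and its other activity."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    report = defaultdict(lambda: {"first_hit": None, "decoys": [], "other_activity": []})
    for ev in events:
        for hit in decoy_hits(ev):
            entry = report[ev["src"]]
            entry["first_hit"] = entry["first_hit"] or ev["ts"]
            entry["decoys"].append(hit)
    # Pivot: everything else the exposed source did is now in scope for response,
    # including activity that happened before the first decoy was touched.
    for ev in events:
        if ev["src"] in report and not decoy_hits(ev):
            report[ev["src"]]["other_activity"].append((ev["ts"], ev["action"]))
    return dict(report)

if __name__ == "__main__":
    for src, info in find_intruders(SAMPLE_LOG).items():
        print(src, info)
```

No threshold or allowlist is needed here: the ordinary user at 10.0.4.17 never appears in the report, while the source that used the planted credential is flagged on its first touch.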