Faced with an ever-increasing range of sophisticated cyber threats and evolving attack surfaces, IT security teams are adopting a new line of defense: deception. They recognise that, despite there being a range of security tools and services in place, cybercriminals are still managing to bypass them and gain entry to infrastructures. Clearly, a new approach is required. That new approach is based on cyber deception.
Deception puts increased power into the hands of security teams by comprehensively protecting against attacks from both external parties and malicious insiders, accurately notifying that something is wrong, and by delivering detailed threat intelligence for prompt remediation.
Advanced teams can go so far as misdirecting attacker actions and altering feeds to attackers automated tools in order to confuse the adversary and the derail attack.
A deception strategy involves deploying decoys, lures, and bait such as fakes systems, applications, file stores, and credentials within a corporate IT infrastructure that actually have nothing to do with day-to-day activity but appear as if they do.
Because staff have no reason to access these resources, any time there is engagement, it is highly likely that the activity is a cyberattack or at a minimum a policy violation that needs investigation.
Read the complete article by Attivo Networks A/NZ regional director Jim Cook.