Sun Tzu, Chinese general, strategist, philosopher, and author of the classic book “Art of War,” once stated that all warfare was based on deception. Deception creates the view that one’s defenses are passive when the opposite is the case. From a cybersecurity perspective, deception is used to detect when a cybercriminal or threat actor, whether internal or external, is attempting to access resources. So how do deception technologies aid in securing an enterprise cybersecurity environment? Let’s delve into some of the specifics.
What is Deception Technology?
The concept of Deception Technology has been around for a while. Some readers might remember the terms honeypot or honeynet. For those who do not, a honeypot or honeynet, from a cybersecurity standpoint, is an element of the environment created for the sole purpose of detecting reconnaissance and/or countering a cyber threat. A honeypot is designed to act as a lure for the malicious cybercriminal threatening your network, essentially behaving as a network burglar alarm that aids threat detection whenever a cybercriminal is in the midst of planning an attack on your network or has already breached the environment.
Fast forward a few years to the present day. Deception Technology has come a long way since the days of the honeypot. Today’s Deception Technology can include a wide variety of lures, from a virtual server to a login account to an IoT device such as a camera. Combining the ability to present any element of IT technology to a cybercriminal as a detector of malicious activity with advances in automation and Machine Learning (ML) provides a powerful deception tool for detecting and remediating cybersecurity threats in your enterprise.
How Does Deception Technology Work?
So how does it all work? How can today’s cybersecurity leaders use Deception Technology to stay left of boom? As with any security initiative, the first item on any agenda should be to assess risk. An organization needs to identify the cybersecurity and business threats it faces and focus its cybersecurity remediation and incident response efforts on reducing or remediating that risk. Deception Technology is designed to address cyber threats ranging from external cybercriminals trying to find and exploit a vulnerable system, to assets that are misconfigured, to an angry employee attempting to gather intellectual property or trade secrets to sell to a competitor. Using Deception Technology as a threat detection measure can give any organization advance warning of cyber threats, and having that advance warning is a key element of countering and remediating them.
Making Deception Technology Part of Your Toolkit
Deception Technology should be part of every IT organization’s toolkit in 2023. It is so important that NIST added Deception Technology to its recommended practices. NIST 800-160 includes Deception Technology as part of a well-rounded cyber resiliency framework. NIST 800-160 is designed to guide organizations in developing the “trustworthiness of systems with the capability to anticipate, withstand, recover from and adapt to adverse conditions…”. By incorporating Deception Technology into the framework, NIST is bringing the concept of an early warning threat detection system to the enterprise.
Mind you, most organizations already have rudimentary cybersecurity elements of an early warning system. Whether by using a SIEM, an NDR/EDR platform, or a combination of both, some organizations have been gaining visibility into cyber threats transpiring on their networks. The problem with this approach to threat detection is determining what is a legitimate cybersecurity threat and what is a false positive. After a while, the cybersecurity team becomes numb to the volume of cyber alerts and tends to ignore them. False positives degrade a cybersecurity team’s ability to respond to cyber threats. The benefit of using Deception Technology is that any threat detected via the deception tools is a legitimate cyber threat.
How is that? Why should you view every cyber threat sent via your Deception Technology solution as a legitimate concern? It is because the cybercriminal does not know that they are attempting to compromise a decoy or a lure. The threat actor, be it internal or external, thinks that the asset they are attempting to compromise or the host they are trying to access is a legitimate target. Only you know that the assets are not real. That is why any threat detected from your deception tools MUST be treated as a cyber-attack in progress.
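The fidelity argument above, as an added example that is not from the post or from any vendor product named in it: a minimal decoy-touch detector run over constructed log lines, alongside a conventional failed-login rule, so the difference in false positives is visible. The log format, decoy account names and addresses are all assumptions made for the example.

```python
# Added example, not from the post or any vendor product: a minimal decoy-touch
# detector. Any event that touches a decoy account or host is a high-confidence
# alert; a conventional failed-login rule over the same log fires on ordinary noise.
from collections import namedtuple
Alert = namedtuple("Alert", "rule severity user src_ip detail")

# Constructed decoy inventory: these accounts and hosts exist only as lures,
# so no legitimate user or process should ever reference them.
DECOY_ACCOUNTS = {"svc_backup_admin", "finance_share_ro"}
DECOY_HOSTS = {"10.0.50.7", "10.0.50.8"}

# Constructed sample log lines (assumed format): ts user src_ip dst_ip result
SAMPLE_LOG = """\
2023-03-01T08:01:02Z alice 10.0.10.21 10.0.20.5 success
2023-03-01T08:02:15Z bob 10.0.10.33 10.0.20.5 failure
2023-03-01T08:02:19Z bob 10.0.10.33 10.0.20.5 success
2023-03-01T08:05:44Z carol 10.0.10.40 10.0.20.9 failure
2023-03-01T08:11:03Z svc_backup_admin 10.0.10.88 10.0.20.5 failure
2023-03-01T08:11:09Z dave 10.0.10.88 10.0.50.7 success
"""

def parse_line(line):
    ts, user, src, dst, result = line.split()
    return {"ts": ts, "user": user, "src": src, "dst": dst, "result": result}

def failed_login_rule(events):
    """Conventional SIEM-style rule: every failed login becomes an alert,
    including bob's typo and carol's expired password (false positives)."""
    return [Alert("failed_login", "low", e["user"], e["src"], e["dst"])
            for e in events if e["result"] == "failure"]

def decoy_touch_rule(events):
    """Deception rule: any interaction with a decoy is an attack in progress,
    whether or not the attempt succeeded, because only the defender knows
    the asset is fake."""
    alerts = []
    for e in events:
        if e["user"] in DECOY_ACCOUNTS:
            alerts.append(Alert("decoy_account_used", "critical", e["user"],
                                e["src"], "honeytoken credential presented"))
        elif e["dst"] in DECOY_HOSTS:
            alerts.append(Alert("decoy_host_contacted", "critical", e["user"],
                                e["src"], "decoy host %s reached" % e["dst"]))
    return alerts

def run_rules(log_text=SAMPLE_LOG):
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    return {"failed_login": failed_login_rule(events),
            "decoy_touch": decoy_touch_rule(events)}
```

On the sample log the failed-login rule raises three low-value alerts, while the decoy rule raises two critical ones that both trace back to the same source address, which is the pivot an analyst would want to see first.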
Deception Technology is not limited to IT assets. The technology extends into the Operational Technology or OT space. OT is considered the lifeblood of many organizations. If a cyber incident were to impact an organization in its OT environment, the impact could be catastrophic. Being able to create virtual PLCs or other OT technology elements is crucial for detecting infiltrations into critical infrastructure. Countering cybercriminals, from state-sponsored organizations to the curious hacker, is a constant challenge for critical infrastructure and manufacturing companies.
Deception Technology Solutions
Where can an organization go if it is interested in Deception Technology? Mainline partners with organizations that have developed best-in-breed Deception Technology, from Fortinet’s FortiDeceptor to Commvault’s ThreatWise to Zscaler’s Deception offering. The ability to identify the threats to your organization before the boom is key to protecting both your IT and OT investments.
Featured Cybersecurity Solutions
Mainline Information Systems has deep-rooted skills to help companies develop and implement the security solutions needed to protect their organizations. As a Fortinet Expert Partner, with additional strategic partner relationships including Rubrik, IBM, Commvault, Zscaler, Cobalt Iron and more, Mainline architects best-fit security and networking solutions for our clients.
A quick peek at some of these cybersecurity solutions:
- Fortinet has solutions that can address a wide variety of security challenges from the data center to the cloud.
- Rubrik offers air-gapped, immutable, access-controlled backups, as well as data observability and remediation capabilities.
- IBM offers a wide range of enterprise cybersecurity solutions including Zero Trust, Cloud, Ransomware and IAM.
- Commvault addresses the challenges in the backup and recovery space.
- Zscaler allows for secure connectivity from anywhere at any time.
- Cobalt Iron offers enterprise-grade data protection solutions and they are a Sheltered Harbor solution provider protecting critical financial data both on-prem and in the Cloud.
Together we help our customers solve today’s, as well as tomorrow’s, security challenges. From security assessments and analyzing the current architecture to designing and implementing a new solution, Mainline has the proficiencies necessary to put your company on a secure footing.
More Information
For more information about Deception Technology, cybersecurity and networking solutions, and data protection and resilience, please contact your Mainline Account Executive directly or reach us here.