Deception is usually frowned on by most societies and can carry negative connotations. But can deception ever be a positive? Cybersecurity company Attivo Networks believes that it certainly can be.
Anton Jacobsz, managing director at Networks Unlimited, a South Africa-based value-added technology distributor of Attivo Networks, says: “Companies are recognising more and more that a new approach is needed in today’s cybersecurity defence strategies. During the past few years, the pace and intensity of malware, ransomware and phishing attacks from those looking to steal information have increased significantly. Our vendor partner, Attivo Networks, offers another, completely different layer of protection in the form of ‘deception technology’. It’s an excellent and complementary addition to any company’s layers of cyber protection strategies.”
Advanced deception technology platforms offer the capability to exercise deception-based detection throughout every layer of the network stack, enabling efficient exposure for every threat vector. Using high-interaction decoys and lures, deception solutions effectively deceive attackers into revealing themselves, thereby closing the ‘detection deficit’. With early visibility into threats and the evidence-based alerts required to accelerate incident response, deception technologies are rapidly becoming the solution of choice for organisations looking to implement an active defence strategy and accelerate incident response.
As a result of the effectiveness of advanced deception technology, organisations across all major industries in North America, including retail, energy, and healthcare, are aggressively adopting these solutions. FBR Capital Markets forecasts that the deception technology market as a detection security control will grow to US$3 billion by 2019, three times its size in 2016.
Jacobsz clarifies: “The ThreatDefend Deception and Response Platform from Attivo Networks is designed to make the entire network a trap and to force the attacker to have to be right 100 percent of the time or risk being discovered. The solution is based on six pillars, which include visibility, real-time detection, malware and phishing analysis, forensic reporting, incident handling, and response.”
The solution combines distributed, high interaction deception decoys and lures designed to provide early visibility into in-network threats, efficient continuous threat management, and accelerated incident response. The platform provides a ‘hall of mirrors’ environment that is baited with lures and traps, while making deception decoys completely indistinguishable from company assets. The decoys attract and detect attackers in real-time, actively engaging with them so that their movements and actions can be safely analysed, and evidence-based alerts raised.
“Deception technology is now coming into its own. Early adopters of intrusion detection technology faced challenges with accurate detection, because these solutions were either based on known signatures, attempting to pattern match, or looking for anomalous behaviour. In the early days, the results were unreliable and generated high volumes of logs and false positives. With limitations such as staffing and time constraints, many of these alerts were simply ignored, and attackers then took advantage of inefficiency, sometimes going undetected for an average of 200+ days. Today, however, advanced deception technology is a force to be reckoned with in the cybersecurity field. You could think of it as the ‘smoke and mirrors’ arm of your cybersecurity arsenal, ultimately using the art of deception in the ongoing fight against those who aim to hold others to ransom,” Jacobsz concludes.