As the Allies prepared for the D-Day invasion, they employed deception to trick the enemy into fortifying the wrong place. To give the appearance of a massive troop buildup in southeast England, the Allies created a largely phantom fighting force. It was later proven that this deception worked. Today, with a cyberwar under way, deception technology is another layer of defense we should consider.
The aim of deception technology is to prevent a cyber criminal who has already gained access to the network from doing damage to real assets. It works by placing traps or decoys that behave like legitimate systems throughout the infrastructure. These decoys can run in a virtual or a real operating system environment and are designed to trick the cyber criminal into thinking they have found a way to escalate privileges and steal credentials. Once the criminal takes the bait, the decoy is heavily monitored and notifications are sent to a centralized deception server that records the affected fake system and the TTPs (tactics, techniques and procedures) the cyber criminal used.
For this to work effectively it must look real to the threat actors. If they suspect they are being deceived, they will move on to attack your real assets. Many forms of deception technology employ machine learning and adapt to the attacker's TTPs. In this way they can be 'trained' to the attacker's actions on objectives and let the attacker feel they have struck gold.
One of the main goals of modern cybersecurity is to demonetize cyber-attacks. If threat actors see little or no value in their attacks, they may turn their attention elsewhere. Of course, this only holds for attackers motivated by monetary gain. Even so, deception can help in three ways: keeping the attacker engaged; passing fake, valueless information that can later be used to identify the breach or the adversary; and, if so enabled, feeding the resulting indicators of compromise into a well-defined threat intelligence platform to identify other attacks.
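The detection loop described above (a decoy is touched, the event is recorded with what the attacker did, and the indicators are handed to a threat intelligence platform) can be shown end to end with a small decoy-credential monitor. The following is an added example written for this post, not code from the original article or from any deception product. It assumes a honeytoken-style setup in which decoy account names (here the constructed `svc_backup_legacy` and `admin_finance`) are planted where an intruder would find them but never issued to real users, so any authentication attempt using them is an alert by definition. The sshd-style log lines, host names and RFC 5737 test addresses are constructed for the demo, and the indicator records are plain dicts rather than any specific TIP schema.

```python
"""Decoy-credential alerting and indicator export (added example, not from the post)."""
import re
from collections import defaultdict
from dataclasses import dataclass, asdict

# Constructed decoy accounts. They are never issued to real users, so any
# authentication attempt against them is an alert by definition. The value
# records where the decoy was planted, which tells the defender what was read.
DECOY_ACCOUNTS = {
    "svc_backup_legacy": "seeded in a decoy config file on a file share",
    "admin_finance": "planted in a decoy password-vault export",
}

# Constructed sshd-style auth log lines (hypothetical hosts, RFC 5737 test IPs).
SAMPLE_LOG = """\
Jan 14 03:12:07 host1 sshd[4121]: Failed password for svc_backup_legacy from 203.0.113.45 port 51234 ssh2
Jan 14 03:12:09 host1 sshd[4133]: Accepted password for alice from 198.51.100.8 port 50022 ssh2
Jan 14 03:13:41 host2 sshd[4190]: Accepted password for admin_finance from 203.0.113.45 port 51300 ssh2
Jan 14 03:14:02 host2 sshd[4191]: Failed password for invalid user admin_finance from 203.0.113.99 port 40011 ssh2
"""

# Matches the common sshd password-auth line shapes, including "invalid user"
# (the decoy name may be planted without a matching local account).
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port (?P<port>\d+)"
)


@dataclass
class DecoyAlert:
    timestamp: str
    host: str
    user: str
    src_ip: str
    outcome: str    # "Accepted" or "Failed"
    severity: str   # successful use of a decoy means the intruder is already inside
    technique: str  # what the attacker did, as the deception server would record it
    placement: str  # where the decoy was planted


def parse_auth_line(line):
    """Return the fields of one sshd password-auth line, or None if it is not one."""
    m = AUTH_RE.match(line)
    return m.groupdict() if m else None


def detect_decoy_use(log_text):
    """Flag every authentication attempt that uses a decoy account."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse_auth_line(line)
        if ev is None or ev["user"] not in DECOY_ACCOUNTS:
            continue  # real users and non-auth lines are ignored
        accepted = ev["result"] == "Accepted"
        alerts.append(DecoyAlert(
            timestamp=ev["ts"],
            host=ev["host"],
            user=ev["user"],
            src_ip=ev["src"],
            outcome=ev["result"],
            severity="high" if accepted else "medium",
            technique=("decoy credential used successfully" if accepted
                       else "decoy credential attempted"),
            placement=DECOY_ACCOUNTS[ev["user"]],
        ))
    return alerts


def to_indicators(alerts):
    """Collapse alerts into per-source indicators for a threat intel platform.

    Output is a list of plain dicts; mapping to a real TIP schema (STIX, MISP,
    ...) belongs to the integration layer and is not shown here.
    """
    by_src = defaultdict(lambda: {"sightings": 0, "decoy_accounts": set(),
                                  "first_seen": None, "max_severity": "medium"})
    for a in alerts:
        rec = by_src[a.src_ip]
        rec["sightings"] += 1
        rec["decoy_accounts"].add(a.user)
        rec["first_seen"] = rec["first_seen"] or a.timestamp
        if a.severity == "high":
            rec["max_severity"] = "high"
    return [
        {"type": "ipv4-addr", "value": src, "sightings": rec["sightings"],
         "decoy_accounts": sorted(rec["decoy_accounts"]),
         "first_seen": rec["first_seen"], "max_severity": rec["max_severity"],
         "source": "deception-server"}
        for src, rec in sorted(by_src.items())
    ]


if __name__ == "__main__":
    found = detect_decoy_use(SAMPLE_LOG)
    for alert in found:
        print(asdict(alert))
    for ioc in to_indicators(found):
        print(ioc)
```

Run as-is, the sample produces three alerts (the real user `alice` is never flagged) and two indicators: one source that touched both decoys and succeeded once, which is the "high" record worth the heavy monitoring the text mentions, and one source that only failed against a decoy. The "Accepted" case is deliberately rated higher because a successful login with a planted credential proves the attacker has both read the decoy material and reached a host with it, whereas a failed attempt may only show the name was harvested.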
With nation-state threat actors and all others not motivated by money, deception technology enables defenders to harvest real-world threat activity against their organization. This makes new, evolving threats easier to detect and increases the cost of each attack for the criminals.
Deception technology is migrating from emerging to mainstream. It's another tool you may want to consider putting in your toolbox.