Simple deception techniques such as honeypots have been around since 2000s. New, AI-powered deception technology techniques enable companies to delay and identify cyber attackers to prevent and manage various cyber attacks.
What is deception technology?
Traditional network security consists of a limited number of responses which include logging, rejecting, quarantining intrusions. While these responses can block individual attacks, actions such as rejecting are visible to the adversary. Skilled adversaries can learn from these responses, increase the sophistication of their attack and test their target’s defenses. Instead, when dealing with intruders, companies can also rely on their attacker’s greatest weapon: deception.
Deception technology grew out of honeypot security systems. These systems left honeypots or decoy systems & data to attract hackers who have already accessed company’s systems. Once decoy was accessed, internal security team could be alerted and mitigation actions could be taken. Though valuable, these honeypots required significant administration and maintenance.
Modern deception technology involves distributing sensors across an enterprise’s digital assets such as endpoints, network, application and data. These sensors mimic enterprise applications.
Their primary differentiation from the previous generation of honeypots is that grater automation enables minimal setup and maintenance costs. Additionally, they have gained more operational capabilities designed to deceive attackers. Once intrusions are detected, automated responses can be implemented, buying security professionals valuable time. These tools can also use intruders’ trust of internal systems to isolate their access, waste their time and resources.
What are benefits of deception technology?
A deception system can prevent an intruders’ access to critical systems and data, effectively locking the intruder in a decoy network with endpoints, applications and data. While this causes the intruder to waste time, security teams can devise solutions.
Kill chain concept was developed by Lockheed Martin to categorize different phases of a cyber attack. It includes the steps:
- Action on objectives.
Deceptions are possible at every stage of the kill chain. For example, during reconnaissance phase, false data may be shared with suspicious accounts to test if their intention is to illegally access the system.
We have a comprehensive list of deception technology providers if you are interested in identifying the right solution providers to work with. and if you need a more general AI solution:
How can we do better?
Your feedback is valuable. We will do our best to improve our work based on it.