According to Gartner, “Deception technologies are defined by the use of deceit and/or feints designed to thwart or throw off an attacker's cognitive processes, disrupt an attacker's automation tools, delay an attacker's activities or disrupt breach progression. Deceptions are achieved through use of deceitful responses, purposeful obfuscations, feints, misdirections and other falsehoods. These techniques leverage the trust that attackers and the attackers' tools must have in the network protocols, infrastructure, applications, systems and data elements they interact with or access during the execution of their attacks or throughout their intelligence gathering activities. Deception in this context is used as a technique for defensive or disruptive purposes, and is not offensive in nature.”
Imagine for a moment, that once malware is detected in an end user's environment, the user's systems had the ability to begin to lie to the attacker at the other end of the command-and-control console, or to the malware itself on the infected endpoint, or both. These capabilities are now becoming a reality. Use of deception through use of honeypot sensors as a detection measure has often been a security practitioner's dream, yet has been unattainable because the honeypot sensors of the past required too much administration, handholding and maintenance, and were mostly based on open-source code. Honeypots have been perceived by some to potentially add additional risks by enraging the threat actor, creating new security holes or increasing liability for an organization if the attacker were to compromise a system, and then begin to attack outwardly onto the Internet from the honeypot itself. Today's honeypot has evolved toward greater automation, and offers enterprise-class features and operations capabilities. Product managers need to encourage product marketing managers to examine and enhance their messaging based on the types of deception techniques they can use, threat deception effectiveness and what deceptions they already use in their products, to enhance and communicate their threat defence capabilities against advanced advisories.
Deceive Attackers with TrapX DeceptionGrid Platform
The TrapX DeceptionGrid platform protects your valuable assets against a multitude of attacks including malicious insiders, lateral-movement, Advanced Persistent Threats (APTs) and sophisticated cybercriminals. Any activity from the “lightest” reconnaissance to advanced breach attempts is contained, recorded and alerted enabling immediate remediation.