
Deception may be your best line of defense

Detecting and blocking cyber attacks is no longer enough. Dynamic deception is a proactive security approach that lures hackers and malicious software away from sensitive information. Here’s how it works, and why you might want to consider it as part of your security arsenal.


Whether in battle or IT security, the best defense is a good offense.

As many cyber-security professionals are quickly discovering, the tools and technologies they employ to detect and block cyber attacks are no longer enough. Instead, cyber-security professionals are now finding more proactive solutions for rooting out threats through the use of advanced luring techniques and engagement servers.

With an average of 46 days passing before an attack is resolved, according to a 2012 study by the Ponemon Institute, deception techniques are becoming vital in the fight against cyber attacks, since they can root out hackers and prevent them from completing their mission when detection alone proves insufficient.

What is dynamic deception?

This approach seeks to proactively lure, trap and analyze a hack before it causes damage. Dynamic deception is often deployed as a front-line defense for preventing breaches but can also be a useful tool to gain a better understanding of threats and vulnerabilities.

Why is it becoming more popular?

One doesn’t have to look much further than media headlines to see that prevention systems alone have failed to stop major hacks and attacks in recent years. These breaches have inspired a trend of more proactive detection as the next line of defense. Furthermore, dynamic deception guards against attack patterns that are lesser known and harder to detect and defend against.

How does it work?

Deception methods seek to detect intrusions that have gained access to the network before a costly and damaging attack can be carried out. With lures placed on endpoint devices, deception credentials actively draw attackers toward deception engagement servers instead of enterprise servers. In doing so, they provide continuous, real-time detection against cyber threats, including less familiar attack patterns, while capturing the methods and intent of hackers to help prevent future attacks.
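To make the lure-and-credential idea concrete, here is an added example (not taken from this article or from any deception product) that scans authentication events for any use of a decoy account and reports which endpoint's lure was harvested. The account names, host names, addresses and JSON log format are all constructed assumptions.

```python
import json

# Constructed lure inventory (hypothetical names): one unique decoy account
# per endpoint, so a hit also reveals where the credential was harvested.
LURES = {
    "svc_backup_7f3a": "WS-FIN-014",
    "adm_sql_c91e": "WS-HR-002",
}

# Constructed authentication events, one JSON object per line.
SAMPLE_EVENTS = r"""
{"ts":"2024-05-01T09:12:03Z","user":"jsmith","src":"10.0.4.21","dst":"files01","result":"success"}
{"ts":"2024-05-01T09:14:40Z","user":"CORP\\SVC_BACKUP_7F3A","src":"10.0.4.77","dst":"engage01","result":"failure"}
this line is truncated {"ts":
{"ts":"2024-05-01T09:15:02Z","user":"adm_sql_c91e@corp.example","src":"10.0.4.77","dst":"engage02","result":"success"}
{"ts":"2024-05-01T09:16:10Z","user":"svc_backup","src":"10.0.4.30","dst":"files01","result":"success"}
"""

def normalize(user):
    """Reduce DOMAIN\\user and user@domain forms to a bare lowercase name."""
    return str(user).lower().split("\\")[-1].split("@")[0]

def decoy_alerts(log_text, lures):
    """Return one alert per event that uses a decoy account, success or not."""
    alerts = []
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines rather than abort
        if not isinstance(ev, dict):
            continue
        name = normalize(ev.get("user", ""))
        if name in lures:  # no legitimate user holds a decoy account
            alerts.append({
                "ts": ev.get("ts"),
                "decoy": name,
                "lure_endpoint": lures[name],
                "src": ev.get("src"),
                "dst": ev.get("dst"),
                "result": ev.get("result"),
            })
    return alerts

if __name__ == "__main__":
    for alert in decoy_alerts(SAMPLE_EVENTS, LURES):
        print(alert)
```

Failed logins are reported as well as successful ones, because any attempt with a decoy credential means the lure was read from the endpoint it was planted on.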

How is dynamic deception different from a honeypot?

It’s not uncommon for IT security professionals to deploy a honeypot server, which appears to be an integral part of an organization’s network but is in fact just bait for attackers, or a honeynet, which deploys two or more honeypots on a network to protect larger or more diverse types of information. Dynamic deception tactics, however, take things a few steps further, using endpoint and distributed engagement servers to actively attract malicious users and programs. This allows for real-time detection, the ability to communicate with a command-and-control centre and the ability to update prevention systems in order to shut down attacks before they’re carried out.

What are the costs?

Advancements in technology have allowed dynamic deception tools to become relatively non-disruptive to deploy and operate with relatively little upkeep. In order to function properly, they should not require any signature or database lookup, network topology, traffic changes or heavy computation.

With the average cost of a breach reaching US$15 million, according to the Ponemon Institute, companies are starting to take a more proactive approach to security. And dynamic detection is proving itself a powerful new weapon for IT security teams defending their digital assets.

