
Deception Technology Beyond Honeypots

Published Dec 02, 2019. Last updated Dec 04, 2019.

Deception technology adoption is growing. According to MarketWatch reports, the global deception technology market is expected to reach $2.4 billion by 2022. Innovation has driven the expansion of this technology by adapting to new attack vectors. Deception technology methods have evolved to catch previously undetectable attacks. In this article, you’ll learn what deception technology is and how it has advanced.

What Is Deception Technology?

Deception technology consists of a set of security tools designed to trick threat actors that are attempting to infiltrate your systems. Deception technology uses decoys to direct the attention of attackers to fake assets or sandboxed environments, preventing them from reaching their target.

When attackers enter a network they are lured to decoys with enticing file names or carefully constructed “vulnerabilities”. The decoys are as realistic as possible, simulating genuine systems and digital assets. This causes attackers to believe they have gained access to your network and hopefully stalls them while you are alerted.

Some of the benefits of using deception technology include:

Early post-breach detection
Deception technology helps security teams detect attackers early in their journey by sending alerts as soon as an attacker has made contact with a decoy. Decoys are only meant to detect attacks, so any alerts that are triggered can be immediately trusted and responded to.

Monitoring the attacker's activity
Decoys typically record and log the techniques and attack vectors used by the criminal. This logging can provide you with valuable information for improving your system security. You can use the insights gained from decoys to improve security tools and identify previously unknown vulnerabilities.

Scalability through automation
Automated alerts are a key feature of deception technology. Automation eliminates the need for manual intervention and enables security teams to easily monitor decoys regardless of system size. Moreover, next-generation deception technology can automate decoy deployment and allow for autoscaling.

Versatility
Deception technology can be applied to a wide range of environments, including legacy technology and even IoT devices.

Deception technology is particularly helpful to protect from the following threats:

  • Credential theft — a common method of attack is compromising user credentials. Attackers often obtain privileged users’ credentials by tricking them with phishing scams and similar methods. Criminals then use the stolen credentials to enter the network for malicious purposes. Deception technologies use false credentials and decoy interfaces to restrict attackers to decoy environments.
  • Lateral Movement — once an attacker gains access to a system, they usually try to access other areas of the network. Deception technology lures the attacker by offering attractive targets, preventing them from continuing to search for a real target.
  • Man-in-the-Middle — this type of attack involves an attacker intercepting the communication between two parties without their knowledge. Deception technologies can help distract the attacker by giving a false target so criminals think they intercepted real communication.

Deception Technology Types

Deception technology comes in a variety of forms to suit your needs. The most common forms are explained below.

Honeypots
Honeypots are files or environments designed to be appealing to attackers. Honeypots can simulate databases, individual files, or an entire desktop.

There are two main types of honeypots: research honeypots and production honeypots. Research honeypots focus on gathering information about criminal techniques and methods and are often placed in “the wild”. These tools provide information to security researchers, which they can use to improve security solutions and strategies.

Production honeypots focus on luring and stalling an attacker and usually are located with production servers. Security personnel can also use the information gained from these honeypots to improve security measures.

Low-interaction decoys
These decoys emulate devices or applications, such as a login screen or dashboard. When an attacker wants to log in with stolen credentials, the decoy sends an alert. These types of decoys are commonly used to protect Internet of Things networks.
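
The sketch below is an added example, not code from the article or from any deception product. It shows the logic behind a low-interaction decoy login combined with the false credentials described under credential theft: the decoy never grants access, every attempt becomes an alert, and a hit on a planted credential points to the asset it was planted on. The account names, passwords, host names and the `deception.decoy_login` event type are constructed for illustration.

```python
import hmac
import json
from datetime import datetime, timezone

# Constructed honey credentials: decoy accounts that exist nowhere in production.
# Each maps to the place it was planted, so a hit shows which asset leaked it.
HONEY_CREDENTIALS = {
    "svc-backup": {"password": "Winter-Decoy-01", "planted_on": "fileserver-02"},
    "adm-reports": {"password": "Q3-Decoy-77", "planted_on": "hr-laptop-14"},
}


def handle_decoy_login(source_ip, username, password, now=None):
    """Never grants access; returns (granted, alert) for every attempt."""
    now = now or datetime.now(timezone.utc)
    planted = HONEY_CREDENTIALS.get(username)
    # Constant-time comparison. The submitted password itself is never stored,
    # because a real user who lands here by mistake could leak a real secret.
    password_matched = planted is not None and hmac.compare_digest(
        password.encode(), planted["password"].encode()
    )
    if password_matched:
        severity, reason = "critical", "honey credential replayed"
    elif planted is not None:
        severity, reason = "high", "decoy account name used"
    else:
        severity, reason = "medium", "login attempt on decoy"
    alert = {
        "timestamp": now.isoformat(),
        "event_type": "deception.decoy_login",
        "severity": severity,
        "reason": reason,
        "source_ip": source_ip,
        "username": username,
        "leak_source": planted["planted_on"] if planted else None,
    }
    return False, alert


def to_siem_line(alert):
    """Serialize an alert as one JSON line for a log shipper to forward."""
    return json.dumps(alert, sort_keys=True)


if __name__ == "__main__":
    # Constructed attempts (documentation-range IP address).
    for attempt in [("198.51.100.7", "svc-backup", "Winter-Decoy-01"),
                    ("198.51.100.7", "admin", "admin")]:
        print(to_siem_line(handle_decoy_login(*attempt)[1]))
```

The `leak_source` field is what makes a planted credential more useful than a bare decoy: it tells responders where to start looking for the initial compromise.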

Endpoint deception technology
These types of decoys emulate the point where attackers usually enter a network, an endpoint. Decoy endpoints can be the entryway to an entire simulated network or just a facade.

Next-Gen Deception Technology

Modern cyber attacks have grown more sophisticated and aggressive. Data breaches are more severe, and there is often a time gap once the attacker is inside the system. These changing attack factors require more dynamic solutions than traditional deception technology can provide. Fortunately, next-generation deception platforms offer sophisticated machine learning capabilities to combat these attacks.

Next-generation deception technologies can now create realistic, running networks, applications, and data that appear native. Deception platforms leverage artificial intelligence to automate the creation of traps as needed. This enables you to more uniformly cover your systems and more reliably trap attackers.

Another characteristic of the new deception solutions is their integration with other security technologies, such as Endpoint Detection and Response (EDR) and Security Information and Event Management (SIEM) solutions. Deception tools send alerts to these systems earlier in the attack lifecycle, enabling faster incident response.

Conclusion

Honeypots are still useful, but today’s next-generation deception platforms provide improved solutions for a greater number of use cases. These improvements have resulted in organizations more widely adopting deception technology solutions. In fact, a June 2019 survey by the Enterprise Management Association (EMA) showed 30% of respondents ranking deception technology as the most effective tool in detecting insider threats.

Deception technology is not a one-size-fits-all solution against all threats. However, implementing next-gen deception technologies can provide an effective complement to the security posture of your organization.

Discover and read more posts from Leah Fainchtein Buenavida