Illusive Blog June 9, 2016

Cyberattackers in An Endless Maze of Deception Technology

By Beth Ruck

Keeping Cyber Attackers in an Endless Maze

Cyber attackers only need one small crack in a security plan to invade and jeopardize an entire organization. As IBM and Ponemon Institute reported in their 2015 Cost of Data Breach Study: Global Analysis, this is becoming a costly problem for today’s businesses.

Results showed that the average total cost of a data breach for companies participating in the analysis increased 23% over the past 2 years to $3.79 million.

In 2013, The New York Times became a prime example of this. As part of a larger espionage plan, cyber attackers deployed malware to gather the passwords of every employee in the organization. These techniques evaded signature-based detection, and the attack persisted for 4 months before being discovered.

In the wake of increasingly sophisticated cyber attackers and the growing inefficiency of typical cybersecurity solutions, deception technology has emerged as an addition to defense-in-depth strategies that can turn the cybersecurity game around.

How Behavior-Based Cybersecurity Can Help Combat APTs

Despite the fact that signature-based antivirus software is incapable of stopping advanced persistent threats, a majority of IT and security professionals continue to use it as a main line of defense. However, even defenses that are more advanced can fail as attackers adopt more powerful tools and tactics.

One characteristic of advanced persistent threats is the use of customized attack vectors. Following a lengthy reconnaissance process, attackers can learn which open-source web applications leave your organization vulnerable. Attackers can then create, for example, polymorphic malware that is capable of actively morphing to evade both signature-based defense solutions and more advanced sandboxes.


Creating customized attack vectors requires challenging processes such as register renaming, code shrinking and garbage code insertion – but the result is a piece of malware that is purpose-built to compromise your network.   

Defending against these purpose-built advanced persistent threats requires cybersecurity teams to think more like their attackers by implementing behavior-based detection rather than signature-based solutions.

There is a need to deploy a new proactive strategy that stops malicious actors in their tracks instead of giving way to inefficiency—and deception technology is the piece of defense-in-depth cybersecurity that can put your attackers in an endless maze.

Can APTs Detect Deceptions in Your IT Network?

Attackers launching advanced persistent threats aren’t concerned with “the quick score.” Rather, they employ a “low and slow” mentality focused on avoiding detection.

With polymorphic malware and other types of adaptive attack vectors challenging cybersecurity, the question remains—can advanced persistent threats detect deceptions?

The Deceptions Everywhere® architecture uses behavior-based detection to statistically eliminate any ability for cyber attackers to evade your defense measures.

Because deceptions blanket the entire network, attackers can’t rely on the data they use to move laterally through your network, and the Deceptions Everywhere® architecture is proven to detect attackers within three lateral movements.

The architecture is designed with scalability in mind, using a centralized control scheme that allows administrators to efficiently define and deploy virtually unlimited numbers of deceptions. These deceptions exist apart from ordinary users and administrators, and no legitimate user would ever encounter or interact with an illusive deception.

In addition, assets that host deceptions don’t just contain empty space. Rather, they have data that appears to be real: databases full of fake users, connections to fake endpoints, the kind of full and populated environment that would lead an attacker to suspect that he or she is attacking a real server.

Once the malicious actor attempts to use this information, the Deceptions Everywhere® architecture sends an alert and begins collecting forensics.

When security professionals use this technology, they can defend their most critical assets while gathering accurate information on attackers—thus making them more educated and prepared for the ever-evolving arms-race of cyber defense.

If you’re ready to lure attackers away from your sensitive data using the Deceptions Everywhere® technology together with Attacker View™, which lets you see a complete map of your network from an attacker’s point of view, contact us for a free demo.

