Gartner: Deception Technology the Key to Fight Cyber Threats
Smart IT professionals already have defense-in-depth, equipping their networks with firewalls, anti-malware, intrusion detection and prevention, and all manner of other security technology.
Despite these efforts, attackers still break in. In the case of data breaches, you may not even know you’ve been compromised until months or even years later, when it’s too late to mitigate the damage.
Gartner recently published the Emerging Technology Analysis: Deception Techniques and Technologies Create Security Technology Business Opportunities report, which states that a cyber security approach using advanced deception techniques is a must-have for IT, since it spots attackers as soon as they make their first move.
Deception technology isn’t just cool; it’s an essential part of a full security arsenal—and is becoming increasingly popular.
The Deception Technology Backstory
Cyber security measures that rely on deception aren’t necessarily new. The old school honeypot models try to lead attackers to what they believe is a gold mine of corporate information.
The issue is that honeypots are a limited solution. Cyber attackers have proven time and time again that they are more than capable of spotting (and avoiding) honeypots.
Honeypots may be adequate for detainment, but they lack early detection capabilities in the post-breach infiltration phase.
When attackers manage to break into the network, they are welcomed into a world that appears to contain real corporate data.
Now tantalized, attackers will move from one data set to another, certain they have landed on information that will lead them to the mother lode. Meanwhile, their every move has been tracked, and they are stopped before they ever compromise real data.
“Although still nascent, deception as a defense strategy against attackers has merit, and can be an attractive new capability for larger organizations desiring advanced threat detection and defense solutions,” remarked Gartner analyst Lawrence Pingree.
Given that this area is relatively new, and the technologies within it are advancing quickly, there is a learning curve for IT.
However, this is a topic that IT would do well to understand. Gartner agrees, arguing that deception technology is a major breakthrough. “Deception as an automated responsive mechanism represents a sea change in the capabilities of the future of IT security that product managers or security programs should not take lightly,” the report states.
Deception technology is of interest both to IT, as a way to achieve superior threat detection, and to the vendor community, which should consider adding deception to its security portfolios.
This is all part of a much-needed effort to drastically reduce the number of data breaches companies experience each year. For now, deception is a specialized area of security served by a small cadre of pioneering vendors.
Deception Technology—A Means of Studying the Enemy
Deception doesn’t just enable companies to stop attackers in their tracks – it’s also a key way to learn about players and their techniques.
The threat intelligence gathered by deception systems offers forensic insight into who the attackers are and which techniques they use during a data breach. There is an opportunity to share this data with the security community and give user organizations a heads-up on what attacks may be coming their way.
As deception technology becomes more widespread, the community of users and vendors can share information about new and persistent threats. This lets IT know what to prepare for, and lets security tool vendors build more threat-specific protections and detections into their tools.
“Threat intelligence sharing continues to provide significant improvement in security for many organizations. This threat intelligence data could lead us toward intelligence-led deceptions—where a threat actor that is known to originate from a certain location or uses a certain pattern of engagement can be led astray, versus given access to sensitive systems, applications and data types,” Gartner said.
How illusive Fits into the Deception Technology Scene
At illusive networks, we take a distinctly different approach to battling back cyber security attacks. Instead of just looking for signs of intrusion or malicious code, illusive focuses on identifying and tracking the attackers themselves—the human factor.
illusive’s Deceptions Everywhere® architecture overwhelms attackers with false data interspersed with real data to the point where they are no longer sure which network elements are real and which are illusive.
Placing attackers in this network “house of mirrors” significantly slows post-data-breach lateral advancement and virtually guarantees that your adversaries will set off notifications very early in the infiltration phase, providing IT professionals with real-time visibility to stop them in their tracks.