Deception has long been a fundamental part of military strategy around the world, dating as far back as ancient Egyptian times. It’s a key part of Sun Tzu’s The Art of War. Technology has made methods of deception more sophisticated, of course, but the basic premise has stood the test of time: know yourself, deceive your enemy. Armed forces the world over have used this strategy, and civilian industries have a real opportunity to learn from the successes of the military when it comes to deception technology.
Deception will be the security watchword of 2018.
Bringing deception technology to the masses
Deception technology has a lot to offer to non-military organisations, and there is a lot to learn from deception’s successful track record in the military.
The many benefits of deception include:
- Organisations can steer away from the biggest risk they have – the risk of high-impact cyberattacks, the type of attacks that can bring a company down.
- Cost savings through the reduction of false positive alerts, and dramatic reductions in incident response time. Security operations centre (SOC) efficiency is top of mind today, with floods of new alerts straining already overworked security teams. Modern distributed deception platforms produce only high-fidelity notifications, meaning less time wasted chasing false alarms, and less time required to research each incident. More efficient SOC processes mean less burnout and turnover, alleviating the security skills gap.
- Deception can help with both due diligence and integration when it comes to mergers and acquisitions (M&A) – assessing the attack surface is a critical step. When Verizon bought Yahoo, the discovery of a security breach reduced the acquisition price by $350 million. From assessing the attack surface in the due diligence phase to both assessing and detecting attackers in the integration phase, deception technology helps the acquiring company better understand their risk and the attack surface they will be responsible for going forward.
The deception market is evolving rapidly, with most analysts now actively promoting deception technology, and major global firms rolling out deception across their estates. However, two areas of confusion still often rear their heads. The first is that people tend to conflate honeypots and distributed deception. The two are not synonymous. Honeypots – now properly referred to as Fully Interactive Decoys, or simply Decoys – are one form of deception. Decoys have a role in threat intelligence gathering, but they are not useful for detecting, diverting, or stopping attacks.
Distributed endpoint deceptions – tiny, inert data elements spread broadly throughout the environment – offer the fastest, earliest, and most reliable attack detection mechanism available today. Environments protected by this easy-to-deploy, simple-to-operate approach are virtually invulnerable to successful attacks.
The second area of confusion is the misbelief that deception is somehow sophisticated or complex. For organisations that have barely mastered cybersecurity basics, deception may sound advanced. However, advances in automation and machine learning have removed the challenges of deploying and maintaining highly authentic deception technology.
Best practices for implementing deception technology successfully
- Be very clear about what use cases you’re trying to solve. Establish clear objectives and evaluate and implement accordingly.
- Understand your organisation’s culture of change. While the ease and simplicity of today’s deception technology allows for near instant estate-wide deployment, some organisations take more of a phased approach. They may start with specific threat vectors. For instance, generally conservative large banks might deploy deception only around their SWIFT environment and, based on success there, expand deception to the rest of the organisation over time.
- Understanding yourself is the first key to Sun Tzu’s deception strategy: “I will force the enemy to take our strength for weakness, and our weakness for strength, and thus will turn his strength into weakness.” Unfortunately, many organisations don’t have adequate visibility into their own strengths and weaknesses. As you begin your deception implementation, the first step is to understand your attack surface: where might the attacker find weakness? Do you have exposed domain credentials? What pathways exist in your organisation that lead an attacker to your crown jewels? How can these be reduced?
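To make the distributed endpoint deception mechanism and the exposed-credential question above concrete, here is an added example (not code from the article or any vendor) of the kind of high-fidelity detection such a platform produces: decoy credentials are planted on endpoints, and because no legitimate process ever uses them, any authentication attempt referencing one is an alert, with the planting location giving the responder a starting point. The decoy account names, the host names and the simplified auth log format are all constructed for this example.

```python
# Added example: minimal "decoy credential" detector over a constructed auth log.
# Assumed log format: "<ts> host=<h> user=<u> src=<ip> result=<ok|fail>".
import re
from dataclasses import dataclass

# Constructed registry: decoy account -> endpoint it was planted on. Nothing legitimate uses these.
DECOY_ACCOUNTS = {
    "svc_backup_admin": "ws-finance-07",
    "sql_ro_legacy": "ws-hr-12",
}

LOG_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\w+)$")

@dataclass(frozen=True)
class Alert:
    ts: str
    user: str
    planted_on: str    # endpoint where the bait was harvested: where to start the investigation
    used_against: str  # system the attacker tried to authenticate to
    src: str
    result: str

def detect_decoy_use(log_lines):
    """Return one Alert per auth event that references a decoy account.
    Every use, successful or not, is alerted: the account exists only as bait."""
    alerts = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip rather than guess
        user = m["user"]
        if user in DECOY_ACCOUNTS:
            alerts.append(Alert(m["ts"], user, DECOY_ACCOUNTS[user], m["host"], m["src"], m["result"]))
    return alerts

# Constructed sample log: ordinary logins plus one host trying a harvested decoy credential.
SAMPLE_LOG = """\
2018-01-15T09:01:12Z host=dc01 user=alice src=10.1.4.22 result=ok
2018-01-15T09:02:40Z host=fileserver user=bob src=10.1.4.31 result=fail
2018-01-15T09:03:05Z host=dc01 user=svc_backup_admin src=10.1.4.22 result=fail
garbage line that should be ignored
2018-01-15T09:03:09Z host=dc01 user=svc_backup_admin src=10.1.4.22 result=ok
""".splitlines()

if __name__ == "__main__":
    for a in detect_decoy_use(SAMPLE_LOG):
        print(f"ALERT {a.ts}: decoy '{a.user}' (planted on {a.planted_on}) used against {a.used_against} from {a.src} ({a.result})")
```

Note that the two ordinary logins produce nothing: the decoy rule has no false-positive class to tune, which is the efficiency argument made above.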
Plan for success
Deception is an effective and fundamental military tool. It’s been practiced at least since ancient China and is still heavily used today because, if implemented properly, it works. Deception provides a proactive stance that lets you get ahead of the game. Rather than reacting to an attack, you are the one defining what happens, not the opponent.