By Moshe Ben Simon, CEO – TrapX Security
Key factors to cybersecurity credibility and authenticity
A honeypot is a cybersecurity tool used to detect, deflect, and counteract unauthorized system use. These traps appear to be part of a site or network but are closely monitored and kept isolated from production systems by the security team. Appearing to contain vital resources or data, honeypots attract the interest of would-be attackers. This type of technology has been around for nearly twenty-five years and was a popular way to fight the worms of the late ’90s.
A research-based approach helped open-source communities apply the security measure to networks of all shapes and sizes. Over the last several years, however, the honeypot has evolved in response to more innovative attacks. Large enterprises around the world are adopting what is now known as deception technology to gain early breach detection and further network visibility. As a result, a common question arises among potential clients: why has deception suddenly become a key component of cybersecurity stacks?
The answer is quite simple. Today’s deception technology is more scalable, easier to install, and more passive than the honeypots of the past. Zero false positives and early detection have become the standard for enterprises with a large volume of network traffic. Sounds simple, right? Unfortunately, many find it difficult to adopt an accurate and precise alert system. Many large organizations fail to recognize the need before it is too late. Attackers continue to breach these large companies and steal sensitive data every single day.
A recent report by Gartner titled “Solution Comparison for Six Threat Deception Platforms” provides a deep technical analysis of deception technology providers and products. The report covers six deception companies offering a broad range of capabilities, features, and metrics. Its insight into the core technology identifies three areas every piece of deception technology must include. These primary attributes are:
- Scalability: the platform must support large and hybrid enterprise networks
- Credibility and authenticity: decoys must be accurate enough that an attacker cannot fingerprint them as fakes
- Ability to mimic: an authentic customer environment including IT/IoT/OT and the data/application layer
The above key points set the bar for deception technology going forward. Let’s take a deeper look!
Scalability should include:
- A mixed mode of emulated and full-OS decoys
- An ability to cover a large network with thousands of network segments such as on-site and cloud infrastructure
Credibility and authenticity should include:
- Decoys with a single IP address as opposed to a shared model covering various networks (see image)
- Bait that attackers cannot reverse-fingerprint, achieved by leaving no tell-tale data on the endpoint or by running as a service
- A “honey-buster” tool, as mentioned by the Gartner analyst, to verify every deployed decoy and lure against these checks
Ability to mimic should include:
- An exact mirror of network infrastructure with classical IT decoys alongside IoT/OT decoys
- Deception lures or traps that match the customer data and application environments
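To make two of the checklist points above concrete, here is a small, added example (not TrapX code and not part of the Gartner report) of the alerting logic behind a deception deployment: a decoy inventory that enforces one IP per decoy at load time, and a detector that treats any flow touching a decoy as an alert, since no legitimate client should ever connect to one. The decoy names, IP addresses, segments and flow records are all constructed for illustration; the flow format (`timestamp src dst dport proto`) is an assumption, not a real product export.

```python
"""Minimal deception-alert pipeline over constructed flow records.

Demonstrates two points from the checklist:
  * one decoy, one IP (no shared addressing), validated when the inventory loads;
  * any interaction with a decoy is an alert, because no legitimate client
    should ever touch it (the basis of the near-zero false-positive claim).
All decoys, IPs and flow lines below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Decoy:
    name: str
    ip: str
    segment: str
    mode: str            # "emulated" or "full-os" (mixed-mode deployment)
    ports: frozenset     # services the decoy advertises


# Constructed decoy inventory spanning OT, on-site IT and cloud segments.
DECOYS = [
    Decoy("plc-01", "10.10.5.20", "ot-floor", "emulated", frozenset({502})),
    Decoy("fileserver-07", "10.20.1.40", "corp-lan", "full-os", frozenset({445, 3389})),
    Decoy("db-backup", "172.16.8.9", "cloud-vpc", "emulated", frozenset({3306, 22})),
]


def build_decoy_index(decoys):
    """Map IP -> Decoy, refusing inventories where one IP backs several decoys."""
    index = {}
    for d in decoys:
        if d.ip in index:
            raise ValueError(f"decoy IP {d.ip} is shared by {index[d.ip].name} and {d.name}")
        index[d.ip] = d
    return index


def parse_flow(line):
    """Parse a constructed 'ts src dst dport proto' record into a dict."""
    ts, src, dst, dport, proto = line.split()
    return {"ts": ts, "src": src, "dst": dst, "dport": int(dport), "proto": proto}


def detect_decoy_interactions(flow_lines, index):
    """Return one alert per flow whose destination is a decoy.

    Severity is 'high' when the port is a service the decoy advertises
    (the source is interacting with the bait) and 'medium' for any other
    port (the source is probing). A source that touches decoys in more than
    one segment is additionally flagged as 'lateral', i.e. moving across
    the network rather than stumbling onto a single decoy.
    """
    alerts = []
    segments_by_src = defaultdict(set)
    for line in flow_lines:
        f = parse_flow(line)
        decoy = index.get(f["dst"])
        if decoy is None:
            continue  # production traffic: never alerted on by this detector
        severity = "high" if f["dport"] in decoy.ports else "medium"
        segments_by_src[f["src"]].add(decoy.segment)
        alerts.append({"ts": f["ts"], "src": f["src"], "decoy": decoy.name,
                       "segment": decoy.segment, "dport": f["dport"],
                       "severity": severity})
    lateral_sources = {src for src, segs in segments_by_src.items() if len(segs) > 1}
    for alert in alerts:
        alert["lateral"] = alert["src"] in lateral_sources
    return alerts


# Constructed flow records: two production flows and three decoy touches.
SAMPLE_FLOWS = [
    "2024-01-01T10:00:00Z 10.20.1.15 10.20.1.5 445 tcp",      # production, ignored
    "2024-01-01T10:00:03Z 10.20.1.15 10.20.1.40 445 tcp",     # decoy, advertised port
    "2024-01-01T10:00:09Z 10.20.1.15 10.10.5.20 502 tcp",     # decoy in another segment
    "2024-01-01T10:00:11Z 10.20.1.77 172.16.8.9 8080 tcp",    # decoy, non-advertised port
    "2024-01-01T10:00:12Z 10.20.1.77 10.20.1.8 443 tcp",      # production, ignored
]

if __name__ == "__main__":
    idx = build_decoy_index(DECOYS)
    for alert in detect_decoy_interactions(SAMPLE_FLOWS, idx):
        print(alert)
```

Run as a script, the example prints three alerts: two high-severity, lateral-flagged hits from `10.20.1.15` (it touched decoys in both `corp-lan` and `ot-floor`) and one medium-severity probe from `10.20.1.77`. The production flows produce nothing, which is the property the "zero false positive" claim rests on: the detector never has to judge whether traffic looks malicious, only whether it reached an address no legitimate client should know about.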
Gartner’s “Solution Comparison for Six Threat Deception Platforms” breaks down the characteristics of effective deception technology. It is important to ask about these three areas when evaluating your own network’s cybersecurity. Too often, core components are lost in the marketing campaign noise of competing providers. A great message is important but it will not necessarily lead to early detection or prevention of the next threat. Protect your organization’s assets and credibility by following the guidelines set forth by an unbiased leader in global research and corporate advisory.