Posted by Yuval Malachi, CTO & Founder
Today has been a big day for us with the release of deception tokens. This completes fulfillment of a large part of our vision for deception, and what is truly possible with the technology. Of course, it has taken several years to deliver on this vision. In the beginning we knew that simple honeypots could be quite effective. Our initial mission was to scale and automate the deployment so that an enterprise would find it useful. Deploying honeypots, one at a time, was labor intensive and just not cost effective. We had to make very key decisions to build out emulations for scalability and low cost.
Emulations enabled us to do several things that no one else could do. First, we could deploy them with our automation, at virtually any scale, at no incremental licensing cost to the enterprise. Second, early on we suspected the growing problem with medical devices and many other embedded operating system turnkey devices. We believed that a strategy using emulations uniquely gave us the ability to replicate these easily compromised devices and that, since attackers were consciously targeting them, we would be more effective in spreading the “honey” that the attackers targeted. Besides early anecdotal evidence and discussions with our peers in the intelligence community, that was a very visionary leap just a few years ago. Finally, we could see that standard cyber defense software just could not run on or scan many devices, including ATM machines, medical devices and many other turnkey devices that utilized an embedded version of Linux or Windows.
DeceptionTokens were a core part of our vision at that time. The key to our vision was that we could place our emulated traps on every VLAN to identify attackers moving laterally. But we could then place our deception tokens within all the real IT assets, including complex turnkey systems like medical devices and ATMs, for another critical layer of protection.
The implications of this expanded architecture will also strongly benefit industries such as banking, healthcare, retail and government. Our agent-less deception tokens technology allows the placement of these lures within various devices. Now we can place our deception tokens in complex turnkey systems, such as medical devices, ATM machines and point of sale terminals, and a very broad set of Internet of Things (IoT) devices. Or, to think outside the box, we can deploy deception tokens within specialized military command, control and communications systems that are network connected. The possibilities are endless.
To look at this another way, most of these devices cannot be protected or scanned easily, if at all, by standard defense-in-depth cyber suite software. But deception tokens can add a layer of defense. We can blanket almost all of the devices within a hospital or bank network with deep deployment of deception capabilities, to identify and divert attackers perhaps before they can steal data and damage the network.
The addition of the deception tokens and the automation that supports them lets us virtually blanket the enterprise with lures within all existing IT endpoints and servers. We’ve made it extremely difficult for human cyber attackers. Everywhere they turn in an enterprise protected by DeceptionGrid(TM) they are much more likely to be detected early in the breach.
This combined and powerful array of lures makes it extremely difficult for attackers to move through your networks undetected. Once we identify attackers authoritatively, your security operations center team can aggressively defend your enterprise.
Let me know about your specialized applications for deception technology. DeceptionGrid can comprehensively protect any network and any mix of devices.