Deception technology delivers unprecedented visibility into attacker activity
In today’s threat landscape, there’s no lack of challenges for CISOs and security teams as attacks on enterprise networks continue to reach record levels. Moreover, no matter how many carefully planned defenses are put in place, attackers will continue to find new ways to penetrate even the most robust perimeter and endpoint security solutions.
What can you do to address the problem? If you’re like most organizations, your security team is inundated with promises from security vendors to stop attackers in their tracks with their newest widget. Many new technologies do provide incremental protection, but unfortunately, there’s no magic bullet. Worse, new security technologies create significant workloads for security teams. Each technology needs to be evaluated and prioritized, but the question is, prioritized based on what?
• What are your peers doing in terms of security investment priorities?
• What pressures are coming from senior leadership?
• Do you have a list of perceived risks based on overall security trends?
What if you could understand what targets attackers are looking for, or what tactics they’re using once they penetrate your defenses? Based on current predictions, it’s likely that attackers are already present in your network and just haven’t surfaced yet. What if you could know what systems and assets attackers are targeting—or are already interacting with?
This is where deception technology can deliver tremendous benefits. Deception lets you create fake systems and assets, including end-user workstations, servers, IoT devices, network infrastructure equipment, and specialized devices that are unique to your industry.
Deception can help you discover …
• Where attackers are hiding in your network,
• Which systems they’re interrogating,
• What tactics they’re using,
• Whether they’re attempting to steal data, and
• Whether they’re attempting to deploy ransomware
… all without exposing your actual systems and assets. By deploying fake devices, systems, and assets among your real assets to bait attackers, deception technology shows you which systems attackers and malware are attempting to infiltrate, what lateral spread techniques are being used, and even what an attacker may already know about your network.
Imagine having the ability to see where attackers are moving in your network, what their primary targets are, and how they’re progressing through your infrastructure. TrapX DeceptionGrid™ achieves this level of visibility by creating tens, hundreds, or even thousands of decoys (Traps) that appear identical to the authentic systems they’re commingled with; the only resource required is an IP address for each Trap.
Using deception technology to set security priorities
The information provided by deception technology can help you establish or refine your security priorities, including endpoint security, user and entity behavior analytics (UEBA), and OT/IoT security, and it is also valuable in justifying security spend to management.
Endpoint security priority
DeceptionGrid can emulate Windows XP, Windows 7, Windows 10, and macOS (formerly OS X), along with variations of these endpoint operating systems. Once deployed, DeceptionGrid Traps alert the security team to any intruder contact. Because no legitimate user or process has a reason to connect to a decoy, any connection to a Trap is suspicious by construction; in practice the only routine noise comes from authorized vulnerability and asset-inventory scanners, which should be excluded from alerting. If an attacker uses custom malware or other tools to access multiple endpoints, including moving laterally through your network, the endpoint Traps generate high-fidelity alerts. You can see where the attack originated and how much effort the attacker is applying to compromise additional endpoints, and this data can be used to highlight gaps in existing endpoint security controls, allowing you to justify prioritizing additional endpoint security investments.
User and entity behavior analytics priority
DeceptionGrid can emulate critical Windows or Linux servers and alert security personnel to any attacker activity. If a compromised user device or a malicious insider seeks access to, or control of, real assets, TrapX DeceptionGrid alerts the security team immediately, including the origin of the attack and which accounts may have been compromised, and it also records everything the attacker does on the decoy, including the accounts they attempt to use.
Because DeceptionGrid allows attackers access to the decoy systems (Traps), you can see which usernames and passwords attackers may have compromised, without exposing legitimate systems. You can also see what attackers are targeting: files on file servers, records on database servers, and so on. You can use this data to highlight the need for investment in UEBA and increase its priority.
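The triage logic that the endpoint and UEBA sections describe (any contact with a Trap is an alert, the origin and the set of decoys touched reveal lateral spread, and the usernames tried against a decoy reveal which credentials an attacker holds) can be written down concretely. The following is an added example, not TrapX code and not DeceptionGrid’s own alerting pipeline; the decoy inventory, the connection records, the authentication attempts and the scanner allowlist are all constructed for the illustration, and the IP addresses and severity rule are assumptions.

```python
from dataclasses import dataclass, field

# Constructed decoy inventory: IP -> decoy label. In a real deployment this
# comes from the deception platform's inventory; these addresses are assumed.
DECOYS = {
    "10.0.1.50": "win10-ws-decoy",
    "10.0.1.51": "win7-ws-decoy",
    "10.0.2.10": "file-server-decoy",
    "10.0.3.7": "plc-decoy",
}

# Constructed allowlist: hosts that legitimately touch every address (an
# authorized vulnerability scanner, for example). Their decoy contacts are
# expected and must not raise alerts, or the decoys become noisy.
AUTHORIZED_SCANNERS = {"10.0.0.5"}

# Constructed connection records: (timestamp, src, dst, dst_port).
CONNECTIONS = [
    ("2024-03-01T09:00:01Z", "10.0.1.23", "10.0.1.60", 445),   # real host: no alert
    ("2024-03-01T09:00:05Z", "10.0.0.5", "10.0.1.50", 445),    # scanner: suppressed
    ("2024-03-01T09:01:10Z", "10.0.1.23", "10.0.1.50", 445),
    ("2024-03-01T09:01:12Z", "10.0.1.23", "10.0.1.51", 3389),
    ("2024-03-01T09:03:40Z", "10.0.1.23", "10.0.2.10", 445),
    ("2024-03-01T09:10:00Z", "10.0.4.9", "10.0.3.7", 502),
]

# Constructed authentication attempts recorded by the decoy services:
# (timestamp, src, dst, protocol, username tried).
AUTH_ATTEMPTS = [
    ("2024-03-01T09:01:11Z", "10.0.1.23", "10.0.1.50", "smb", "administrator"),
    ("2024-03-01T09:01:13Z", "10.0.1.23", "10.0.1.51", "rdp", "svc_backup"),
    ("2024-03-01T09:03:41Z", "10.0.1.23", "10.0.2.10", "smb", "svc_backup"),
]


@dataclass
class DecoyAlert:
    src: str
    first_seen: str
    last_seen: str
    decoys: list = field(default_factory=list)  # distinct decoys, in order touched
    ports: set = field(default_factory=set)
    users: set = field(default_factory=set)     # usernames the source tried

    @property
    def severity(self) -> str:
        # Assumed rule: one decoy could be a misdirected scan or a curious
        # admin; two or more distinct decoys from one source is lateral movement.
        return "high" if len(self.decoys) >= 2 else "medium"


def triage(connections, auth_attempts, decoys=DECOYS, scanners=AUTHORIZED_SCANNERS):
    """Return {src_ip: DecoyAlert} for every source that contacted a decoy."""
    alerts = {}
    for ts, src, dst, dport in sorted(connections):  # ISO timestamps sort lexically
        if dst not in decoys or src in scanners:
            continue  # real asset, or an allowlisted scanner: not an alert
        alert = alerts.setdefault(src, DecoyAlert(src=src, first_seen=ts, last_seen=ts))
        alert.last_seen = max(alert.last_seen, ts)
        if decoys[dst] not in alert.decoys:
            alert.decoys.append(decoys[dst])
        alert.ports.add(dport)
    # Credentials tried against a decoy are credentials the attacker already
    # holds or is guessing; attach them to the source that used them.
    for ts, src, dst, proto, user in auth_attempts:
        if dst in decoys and src in alerts:
            alerts[src].users.add(user)
    return alerts


def report(alerts):
    """Render alerts as one line each, highest severity first."""
    lines = []
    for src, a in sorted(alerts.items(), key=lambda kv: (kv[1].severity != "high", kv[0])):
        lines.append(
            f"{a.severity.upper()} {src} touched {len(a.decoys)} decoy(s) "
            f"{a.decoys} on ports {sorted(a.ports)} between {a.first_seen} and "
            f"{a.last_seen}; accounts tried: {sorted(a.users) or 'none'}"
        )
    return lines


if __name__ == "__main__":
    for line in report(triage(CONNECTIONS, AUTH_ATTEMPTS)):
        print(line)
```

Run against the constructed data, the source 10.0.1.23 is reported as high severity because it touched three distinct decoys and tried the administrator and svc_backup accounts, while 10.0.4.9 is medium after a single contact with the PLC decoy; the scanner’s contact and the connection to the real host 10.0.1.60 produce nothing. The scanner allowlist is the detail most often missed in practice: without it, every scheduled vulnerability scan fires an alert on every Trap.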
OT/IoT security priority
DeceptionGrid also supports OT/IoT security by emulating the specialized OT or IoT devices unique to your industry and, once deployed, alerting security personnel to any activity. If an attacker seeks out specialized devices attached to your network, whether to hide their presence or to cause damage, your security team is alerted immediately, including the origin of the attack and which devices the attacker has targeted.
TrapX DeceptionGrid is unique in that it can emulate anything from SCADA systems for manufacturing to SWIFT systems for financial services to specialized medical equipment for healthcare, and virtually any other specialized device, without any unique software, applications, or licensing. When an attacker attempts to compromise a device, the IoT Trap allows the “compromise” to occur so that you can follow their movements and learn what they’re trying to do, e.g., spread to other parts of the network or interfere directly with the device. As in the other examples, you can use this data to highlight the need for prioritizing OT/IoT security.
What if everything is a priority?
It’s unlikely that everything will be attacked at the same level, but deploying a deception infrastructure, which you can achieve in minutes using the TrapX DeceptionGrid platform, gives you the best of all worlds. Deception lets you lure attackers with highly realistic decoys, diverting them from your real assets, systems, and devices while you remove them from your infrastructure, within minutes of being alerted to their activity. The data gathered during attempted attacks shows you which areas of your network attackers are actually probing, helping you set priorities based on observed attacker behavior instead of industry trends or an assumed priority.
A unique layer of security
Deception technology is highly effective in neutralizing attacks: it occupies attackers with decoys and alerts your security team to the intruders so they can be removed from your network before they compromise any actual assets. It only detects an intruder once they touch a decoy, so Traps must be placed where attackers are likely to look and must be realistic enough to be engaged with. Just as important, it also helps you establish well-informed cyber security priorities.