Today’s technically superior and incredibly well-funded (often state-funded, in fact) hackers are not impressed with breach prevention and traditional security solutions. Security professionals have accepted that no matter how hard their teams try, it is nearly impossible to keep hackers out of a network.
Although sophisticated perimeter-based solutions are still the bread and butter of security efforts, CSOs and other security stakeholders are turning attention and resources away from trying to keep hackers out and towards simply ensuring that all data is safe from intruders, wherever it is.
Doing so involves preparing proactive security contingencies for the inevitable presence of hackers in the network. And in today’s volatile and complex security climate, more security professionals are choosing deception solutions as an approach to meet these challenges.
How can organizations leverage deception-based network security to keep sensitive data safe? Here are three basic steps, and what to look for in each:
1. Build your offensive security posture
In order to keep data safe, an intruder must not be able to gain access to any actual information. That sounds obvious, but what is not so obvious is how to accomplish this goal. Organizations should choose a deception technology or solution that enables security teams to go on the offensive. This means actively hunting attackers, leading them into decoys, and stopping them in their tracks – preventing them from reaching actual company data. At the same time, the deception solution needs to work seamlessly with other security and enterprise solutions, in order to fool sophisticated hackers.
Advanced decoy systems also provide useful data about the attackers, proactively developing intelligence that helps find their command and control systems, understand how the connection is established, and identify which protocols are used. The threat intelligence and visibility generated by drawing the attacker in rather than simply attempting to repulse them enables security teams to understand the goals of the attacker – preventing not only a single attack, but also future attacks.
2. Cleverly place your traps
The key to keeping data safe is not just using decoys and traps, but correctly placing them in the network. Smart monitoring and analysis of the network traffic allows organizations to profile their assets and create a realistic and accurate model of their network. Then, they can overlay the network with a deception layer that fits its unique characteristics. There must be enough traps deployed for a hacker to step on and trigger, and enough relevant decoys that look both appealing and realistic. Examples include:
- An asset that appears to be an organization’s server, but is really an emulated service made to lure and trap the attacker
- A network device that appears to be a camera, a printer or another IoT device, but is really a decoy
- An asset that appears to be running tools known to be prone to security issues, but instead confuses an attacker
- A password hidden in an email that, when used, attracts the attention of defenders
- Cookies directing the attacker to a URL which is in fact an internal web site
In addition, deception technology must be able to actively adjust itself to changing network environments, moving decoys and setting traps automatically as networks evolve. This can be achieved only by constantly monitoring network traffic to adjust to changing networks and protect new assets that are introduced.
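The decoys and traps listed above share one detection property: no legitimate user ever touches them, so a single interaction is a high-confidence alert. The following added example (not code from the original article or any vendor) shows that logic over a constructed, simplified log format; the decoy inventory, the planted credential name, the honey URL and all addresses are assumptions invented for the demo.

```python
"""Honeytoken / decoy hit detection over constructed log lines (added example)."""
import re
from collections import defaultdict

# Constructed decoy inventory: none of these are real production assets.
DECOY_HOSTS = {"10.0.5.23": "fake-fileserver", "10.0.5.77": "fake-printer"}
HONEY_CREDENTIALS = {"svc_backup_ro"}          # username planted in a decoy e-mail
HONEY_PATHS = {"/intranet/payroll-archive"}    # URL planted in a decoy cookie

# Constructed, simplified log format: "<src_ip> <kind> <detail>"
LOG_RE = re.compile(r"^(?P<src>\S+) (?P<kind>auth|conn|http) (?P<detail>.+)$")

def classify(line):
    """Return (trap_type, src_ip, indicator) if the line touches a decoy, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    src, kind, detail = m.group("src", "kind", "detail")
    if kind == "conn" and detail in DECOY_HOSTS:
        return ("decoy_host", src, DECOY_HOSTS[detail])
    if kind == "auth" and detail in HONEY_CREDENTIALS:
        return ("honey_credential", src, detail)
    if kind == "http" and detail in HONEY_PATHS:
        return ("honey_url", src, detail)
    return None

def detect(lines):
    """Group trap hits by source address so responders see which host to isolate."""
    hits = defaultdict(list)
    for line in lines:
        hit = classify(line)
        if hit:
            trap, src, indicator = hit
            hits[src].append((trap, indicator))
    return dict(hits)

SAMPLE_LOGS = [  # constructed sample input
    "10.0.1.15 conn 10.0.1.40",                  # legitimate traffic
    "10.0.1.99 conn 10.0.5.23",                  # connection to the decoy file server
    "10.0.1.99 auth svc_backup_ro",              # planted credential used
    "10.0.1.15 auth alice",                      # normal login
    "10.0.1.99 http /intranet/payroll-archive",  # decoy cookie URL followed
]

if __name__ == "__main__":
    for src, events in detect(SAMPLE_LOGS).items():
        print(f"ALERT: {src} tripped {len(events)} trap(s): {events}")
```

In a real deployment the same grouping by source feeds the isolate/block steps of the incident response program; the value of the approach is that the alert needs no threshold tuning.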
3. Weave your web of deception
With correctly and strategically placed traps and decoys, hackers find themselves looking for information in decoy after decoy, effectively stuck in a false network full of incorrect information. Caught unknowingly in a web of deception, the hacker never even fully accesses the real network.
The longer hackers need to look for information, the more time the security team has to stop them and ensure data security. Moreover, in keeping with the concept of an offensive security posture, the longer a hacker engages with a decoy system, the more information can be gathered about the nature of the attack, its targets and even its origin. Then, according to the organization’s incident response and remediation program, security teams can take actions such as isolating the infected asset, blocking IP addresses utilized by the attackers, and deleting or disabling the process used to launch the attack.
The bottom line
Accepting the futility of prevention-based and traditional defense is the first step to data security. And once organizations agree that hackers will get in, the question is: do we act or react? By using advanced and field-proven deception-based technology, security professionals can go on the offensive – taking the fight to the hackers by misleading them until they can be shut down.