The Evolution of Deception Tech: Smokescreen's Hidayatullah on Controlling the Narrative in an Attack
For the past several years, security practitioners have been overwhelmed by the volume of information generated by new point solutions, each designed to deal with a specific problem. The volume and speed of today's alerts put practitioners at a disadvantage when it comes to spotting attacks in real time.
Enter deception - an approach that involves deploying decoy systems, credentials, personas and other lures that draw the attacker into an arena of your making, where you can observe the attacker's motives and techniques and, ideally, determine the attacker's target. The low cost and asymmetric nature of such strategies can be a game-changer when it comes to disrupting, delaying and misdirecting the attacker: the attacker has to avoid every decoy, while the defender only needs one of them to be touched.
Paradigm Shift Needed
The reason modern attacks are succeeding is not a lack of tools - most organizations have enough - but an inherent lack of offensive thinking. "The modern defender can't think offensively. And if you can't think offensively, the attacker is always going to be one step ahead," says Sahir Hidayatullah, CEO and co-founder of Smokescreen Technologies, a pioneer in active defense and deception.
Current systems, including security information and event management (SIEM) software, also generate a huge number of false positives, he says. "The typical attack gets caught in the system - in your SIEMs and other reports - but is only found during post-mortem and forensics." The volume of false positives at the time of the attack means that you miss the attack as it happens. In addition, defenders today are too focused on which malware or tool the attacker is using. Deception, on the other hand, is agnostic of the tools used, he says.
Deception involves a paradigm shift in the way organizations approach defense, with "assume compromise" as the mantra. "You don't worry so much about the perimeter, relying instead on deception tech deployed across the enterprise, which is the digital tripwire that will help you find the attackers in the initial breach phase and stop them before business impact occurs," he says.
Not Just a Honeypot
This shift has come with the realization that enterprise honeypots deployed behind the firewall are extremely accurate, high-fidelity sensors, which can give you more information about ongoing attacks than other systems available today. However, while deception technology and honeypots come from the same conceptual space, they are implemented differently, Hidayatullah says.
The primary difference is that a honeypot is usually an external-facing, intentionally vulnerable system designed to attract an attacker. The decoys used in deception technology are usually not vulnerable systems: they need to mimic a real production system and present a challenge to the attacker, he explains. They don't attract attackers or advertise themselves on the network, remaining passive. Because no legitimate user or process has any reason to touch them, anyone actively interacting with these systems can be presumed to have malicious intent - the one practical caveat being that your own vulnerability scanners and asset-discovery tools will also trip them and need to be accounted for.
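The passive decoy described above, as an added example that is not Smokescreen's code and not part of the original article: a small Python TCP decoy that presents a plausible service banner, never advertises itself, and turns every connection into a high-fidelity alert. Because the decoy is not a vulnerable system, it does not need to implement the protocol; it only needs to look real enough that an attacker enumerating the network will talk to it. The hostname in the banner, the decoy name and the allowlist are constructed for illustration; the allowlist handles the one expected source of false positives, your own authorized scanners.

```python
"""Passive decoy listener: a 'digital tripwire' (added example, not Smokescreen's code).

The decoy does not announce itself. It accepts a connection, returns a plausible
banner, records what the client sent, and raises a high-severity alert. Only
allowlisted sources (e.g. an internal vulnerability scanner) are ignored.
"""
import json
import socket
import threading
import time
from dataclasses import asdict, dataclass
from typing import List, Optional, Set

# Constructed banner for illustration; a real decoy mimics a real production host.
DEFAULT_BANNER = b"220 fs01.corp.example ESMTP Postfix\r\n"


@dataclass
class DecoyAlert:
    ts: float
    decoy: str
    src_ip: str
    src_port: int
    first_bytes: str        # hex of what the client sent, kept for triage
    severity: str = "high"  # any touch of a decoy is high-fidelity by design

    def to_json(self) -> str:
        return json.dumps(asdict(self), sort_keys=True)


class DecoyListener:
    """Binds a TCP port, serves a banner, and logs every connection as an alert."""

    def __init__(self, name: str = "decoy-smtp", host: str = "127.0.0.1", port: int = 0,
                 banner: bytes = DEFAULT_BANNER, allowlist: Optional[Set[str]] = None):
        self.name = name
        self.banner = banner
        self.allowlist = allowlist or set()   # hypothetical scanner IPs to ignore
        self.alerts: List[DecoyAlert] = []
        self._lock = threading.Lock()
        self._stop = threading.Event()
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((host, port))        # port=0 lets the OS pick a free port
        self._sock.listen(16)
        self._sock.settimeout(0.2)           # lets the accept loop notice stop()
        self.port = self._sock.getsockname()[1]
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self) -> None:
        self._thread.start()

    def stop(self) -> None:
        self._stop.set()
        self._thread.join()
        self._sock.close()

    def _serve(self) -> None:
        while not self._stop.is_set():
            try:
                conn, (ip, port) = self._sock.accept()
            except socket.timeout:
                continue
            try:
                self._handle(conn, ip, port)
            finally:
                conn.close()

    def _handle(self, conn: socket.socket, ip: str, port: int) -> None:
        conn.settimeout(1.0)
        try:
            conn.sendall(self.banner)        # look like a real service
            data = conn.recv(256)            # capture the attacker's first move
        except (socket.timeout, OSError):
            data = b""
        if ip in self.allowlist:             # authorized scanner: no alert
            return
        alert = DecoyAlert(ts=time.time(), decoy=self.name, src_ip=ip,
                           src_port=port, first_bytes=data.hex())
        with self._lock:
            self.alerts.append(alert)

    def alert_count(self) -> int:
        with self._lock:
            return len(self.alerts)

    def wait_for_alerts(self, n: int, timeout: float = 3.0) -> int:
        """Poll until at least n alerts exist or timeout expires; returns the count."""
        deadline = time.time() + timeout
        while self.alert_count() < n and time.time() < deadline:
            time.sleep(0.05)
        return self.alert_count()


def probe(host: str, port: int, payload: bytes = b"EHLO attacker\r\n",
          timeout: float = 1.0) -> bytes:
    """Simulate an attacker (or scanner) touching the decoy; returns the banner seen."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        banner = s.recv(256)
        s.sendall(payload)
    return banner


if __name__ == "__main__":
    decoy = DecoyListener()
    decoy.start()
    print("decoy listening on 127.0.0.1:%d" % decoy.port)
    print("attacker saw banner:", probe("127.0.0.1", decoy.port))
    decoy.wait_for_alerts(1)
    for a in decoy.alerts:
        print(a.to_json())
    decoy.stop()
```

In a real deployment the alert would go to the SIEM as its own high-severity event source rather than being buffered in memory, and the decoy would be placed on a subnet and under a hostname that fits the surrounding production systems so it is indistinguishable during reconnaissance.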
Gartner recently named deception technology among its top 10 security technologies to watch in 2016, alongside endpoint detection and response, behavioral analytics and cloud access security brokers.
In this exclusive audio interview with ISMG, Hidayatullah discusses:
- Active defense and the paradigm shift in security;
- The reason attackers are succeeding today;
- The business case for using deception.
Hidayatullah is the CEO of Smokescreen Technologies, which focuses on detecting targeted hacker attacks before they cause business impact. Sahir was one of India's first ethical hackers and is a serial entrepreneur. His companies have investigated many of the highest-profile data breaches in the country, with clients that include critical national infrastructure, global financial institutions, and Fortune 500 companies.
Watch out for part two of this podcast interview, in which Hidayatullah speaks about the different tools, methods and tactics you can use to add deception into your organization's defense strategy, as well as how to overcome some common, related challenges.