Deception as a defensive technology has come a long way in a very short period of time. Today, almost every enterprise network is going to have some form of deception employed to trick and trap unauthorized users. But its success is also becoming a problem because attackers are starting to expect, and in some cases even spot, deceptive assets.
The one thing that has not changed is the overall concept of how deception technology works. Fake assets are deployed throughout a real network. While valid users would have no easy way of reaching them, or even of knowing that they exist, breadcrumbs and other clues pointing to them are left on real assets. Because hackers must crawl networks blindly, those clues can lead them astray, causing them to land on a deceptive asset. And because no valid user ever would, the fact that a user or program is interacting with a fake asset is almost always cause for alarm, and evidence that an intruder has bypassed other network defenses.
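The detection idea described above, as an added example (not code from the article or from any deception product): any flow to a decoy address raises an alert, and the alert records whether the source is a real host on which a breadcrumb to that decoy was planted. The decoy inventory, hostnames, addresses and log format are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed inventory: decoy address -> real hosts holding a breadcrumb that points to it.
DECOYS = {"10.20.0.50": {"ws-finance-07"},
          "10.20.0.51": {"ws-eng-12", "srv-build-02"}}
# Assumed address -> hostname map for real assets.
HOSTS = {"10.10.1.7": "ws-finance-07", "10.10.2.12": "ws-eng-12",
         "10.10.3.2": "srv-build-02", "10.10.4.9": "ws-hr-03"}

# Constructed flow log, oldest first: "timestamp src dst dport".
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.10.1.7 10.10.9.20 443
2024-05-01T09:02:13Z 10.10.2.12 10.20.0.51 445
2024-05-01T09:02:40Z 10.10.2.12 10.20.0.51 3389
2024-05-01T09:05:00Z 10.10.4.9 10.20.0.50 22
truncated line 10.10.4.9
"""

def parse_flows(text):
    """Yield (ts, src, dst, port) for well-formed lines; skip anything else."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, port = parts
        try:
            ipaddress.ip_address(src)
            ipaddress.ip_address(dst)
            yield ts, src, dst, int(port)
        except ValueError:
            continue

def decoy_alerts(text, decoys=DECOYS, hosts=HOSTS):
    """One alert per (source, decoy) pair; no valid user should produce any."""
    seen = defaultdict(lambda: {"first_seen": None, "ports": set()})
    for ts, src, dst, port in parse_flows(text):
        if dst in decoys:
            seen[(src, dst)]["first_seen"] = seen[(src, dst)]["first_seen"] or ts
            seen[(src, dst)]["ports"].add(port)
    alerts = []
    for (src, dst), hit in seen.items():
        host = hosts.get(src, "unknown")
        alerts.append({"src": src, "host": host, "decoy": dst,
                       "first_seen": hit["first_seen"], "ports": sorted(hit["ports"]),
                       # True: the source holds a breadcrumb to this decoy, so triage it first.
                       "via_breadcrumb": host in decoys[dst]})
    return alerts
```

Calling `decoy_alerts(SAMPLE_LOG)` returns one alert per source and decoy pair; a `via_breadcrumb` value of False means the decoy was reached without a planted pointer on that host, for example by scanning.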
Early versions of deception platforms helped users deploy fake assets and drop breadcrumbs pointing towards them but did little else to improve that deception. And when the technology was relatively new, many attackers took the bait. Today, however, skilled hackers know, or at least suspect, that deception is in place and won’t blindly follow breadcrumbs. Dead or inactive assets only used for deception purposes probably won’t get touched by attackers who suspect a trap. Even advanced malware can sometimes sniff out the deceptive paths.
Fidelis Deception was created to make deceptive technology a valid defense once again, even if an attacker knows that it’s protecting a network that they are trying to breach. It does this by creating living deception assets that can interact with one another and perform tasks …
