IT Security

Is deception technology a security strategy worth considering?

Published on August 05, 2021

The increase in ransomware attacks, remote work disruptions, and other challenges brought on by the pandemic has made organizations realize the importance of assessing their cybersecurity strategy. The pandemic will have a long-lasting impact on the threat landscape and how security teams protect people and assets. For any cybersecurity strategy to be successful in the long term, multiple lines of defense need to be in place. With remote work diluting traditional network borders, data needs to be protected accordingly, taking insider threats, stolen passwords, and other factors into account.

Security leaders have also become concerned about direct and indirect threats posed by nation-states and their proxies. This concern is warranted because critical infrastructure systems tend to be old and some were originally designed without robust security in mind. It comes as no surprise then that cybercriminals decided to target the energy sector and the Colonial Pipeline in May 2021. President Biden mentioned that he wants to see far more collaboration between the government and the private sector in terms of combating cybersecurity threats.

According to IDG’s Security Priorities Study, the technologies companies most plan to invest in are:

  • Zero trust (40%)
  • Deception technology (32%)
  • Authentication solutions (32%)
  • Access controls (27%)
  • Application monitoring (25%)
  • Cloud-based security services (22%)

Since anyone involved in IT is probably already familiar with the leading technology, Zero Trust, let’s do a deep dive into the specifics of deception technology to understand why it is needed.

Deception technology: Deceive attackers

Deception is one of the armed forces’ most successful strategies for overcoming enemies, and it could be equally effective in the cybersecurity space. The aim of deception technology is to prevent a cybercriminal who has managed to infiltrate a network from doing any substantial damage. This technology is a standalone platform that works by producing traps or decoys that mimic legitimate technology assets throughout an organization’s infrastructure. The platform protects networks and endpoints from various types of attacks, including ransomware and advanced persistent threats.

Deception technology is pragmatic in that it doesn’t assume an organization will be able to create a perfect copy of all its endpoints and legitimate data flows. Instead, it sets up a parallel virtual infrastructure and data sets with no business purpose at all. If an endpoint tries to access any of these assets, it is likely that the endpoint is compromised, since there is no legitimate reason for such activity. Notifications are instantly sent to a centralized deception server that records the affected decoy and the attack vectors used by the cybercriminal.

The deception landscape

The deception technology market was projected to grow from $1.04 billion in 2016 to $2.09 billion by 2021, at a CAGR of 15.1% from 2016 to 2021. There are now different levels of deception technology available. Some are a little better than a honeypot, while others resemble networks that include real data and devices. This includes the ability to imitate and analyze different types of traffic, provide fake access to accounts and files, and closely replicate an internal network.

Cloud data decoys can be set in a public cloud, such as one provided by AWS, Google, or Azure, or an internal private cloud. For example, an organization can create decoy cloud credentials, and once an attacker uses these false credentials, two things can happen—the organization can mount a simulated defense to the intrusion, or they can lead the attacker to another decoy, such as fake cloud data. Either way, the organization is alerted as soon as the attacker uses the decoy credentials, and their real cloud resources are kept safe.
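The detection logic behind the two ideas above (any endpoint touching a no-business-purpose decoy is a high-confidence signal, and decoy cloud credentials that alert the moment they are used) can be shown in a few dozen lines. The following is an added example, not code from the original post or from any deception vendor: it keeps a constructed registry of decoy hosts, decoy cloud access keys and decoy files, runs a handful of constructed events through a minimal "deception server", and records the decoy hit, the source and the technique for each match. All addresses, key IDs and paths are placeholders.

```python
"""Decoy-interaction detector (added example; all assets are constructed placeholders)."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed decoy inventory. Nothing here serves a business purpose, so any
# interaction with it is suspect by definition. Values are placeholders.
DECOY_HOSTS = {"10.20.30.40": "decoy-fileserver-01"}
DECOY_CLOUD_KEYS = {"AKIADECOY0000EXAMPLE": "decoy-s3-reader"}   # hypothetical key ID
DECOY_FILES = {"/share/finance/payroll_2021.xlsx": "decoy-doc-payroll"}


@dataclass
class DecoyAlert:
    decoy: str      # which decoy was touched
    kind: str       # "host" | "credential" | "file"
    source: str     # endpoint or IP that touched it (likely compromised)
    vector: str     # what the actor did (port, API action, file operation)
    timestamp: str


def classify(event: dict) -> Optional[DecoyAlert]:
    """Return a DecoyAlert if the event involves a decoy, otherwise None."""
    etype = event["type"]
    if etype == "net_conn" and event["dst"] in DECOY_HOSTS:
        return DecoyAlert(DECOY_HOSTS[event["dst"]], "host", event["src"],
                          f"{event['proto']}/{event['dport']}", event["ts"])
    if etype == "cloud_api" and event["access_key"] in DECOY_CLOUD_KEYS:
        # Decoy credentials are never issued to anyone, so use == theft.
        return DecoyAlert(DECOY_CLOUD_KEYS[event["access_key"]], "credential",
                          event["src"], event["action"], event["ts"])
    if etype == "file_access" and event["path"] in DECOY_FILES:
        return DecoyAlert(DECOY_FILES[event["path"]], "file", event["src"],
                          event["op"], event["ts"])
    return None


class DeceptionServer:
    """Central record of decoy hits, as the post describes."""

    def __init__(self) -> None:
        self.alerts: List[DecoyAlert] = []

    def ingest(self, event: dict) -> Optional[DecoyAlert]:
        alert = classify(event)
        if alert is not None:
            self.alerts.append(alert)
        return alert


def suspect_sources(alerts: List[DecoyAlert]) -> Dict[str, List[str]]:
    """Group decoy hits by source so the analyst sees which endpoints to isolate."""
    grouped: Dict[str, List[str]] = {}
    for a in alerts:
        grouped.setdefault(a.source, []).append(a.decoy)
    return grouped


# Constructed sample events: two legitimate, three touching decoys.
SAMPLE_EVENTS = [
    {"type": "net_conn", "ts": "2021-08-05T09:00:01Z", "src": "10.20.30.7",
     "dst": "10.20.30.5", "proto": "tcp", "dport": 443},
    {"type": "net_conn", "ts": "2021-08-05T09:00:07Z", "src": "10.20.30.7",
     "dst": "10.20.30.40", "proto": "tcp", "dport": 445},
    {"type": "cloud_api", "ts": "2021-08-05T09:01:12Z", "src": "203.0.113.9",
     "access_key": "AKIADECOY0000EXAMPLE", "action": "s3:ListBuckets"},
    {"type": "cloud_api", "ts": "2021-08-05T09:01:30Z", "src": "10.20.30.12",
     "access_key": "AKIALEGIT0000EXAMPLE", "action": "s3:GetObject"},
    {"type": "file_access", "ts": "2021-08-05T09:02:44Z", "src": "10.20.30.7",
     "path": "/share/finance/payroll_2021.xlsx", "op": "read"},
]


def run(events: List[dict]) -> List[DecoyAlert]:
    """Feed events to the deception server and return every recorded alert."""
    server = DeceptionServer()
    for e in events:
        server.ingest(e)
    return server.alerts


if __name__ == "__main__":
    hits = run(SAMPLE_EVENTS)
    for a in hits:
        print(f"{a.timestamp} {a.kind:<10} {a.decoy:<22} from {a.source} via {a.vector}")
    print("suspect sources:", suspect_sources(hits))
```

The point to notice is the absence of any scoring or threshold: because the decoys carry no legitimate traffic, a single match is already the alert, which is what makes these alerts far less noisy than signature or anomaly detections over production traffic.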

A few deception-based security products can be deployed automatically, keep attackers busy in loops of access for more information, or generate more detailed and realistic counterattacks. When deception technology works as intended, hackers will truly believe they have infiltrated a restricted network and are gathering critical data. Cybercriminals will be accessing data, but it will only be information intended for them to see. Remember, organizations only need to detect the adversary interacting with the decoy once.

As we know, it is virtually impossible to keep persistent attackers from targeting high-profile networks. This is part of the reason that deception technology has been used by the United States government, NATO allies, and many companies in banking, finance, manufacturing, and plenty of other industries.

Deception tech is worth considering

A security strategy leveraging deception technology can provide an organization’s most classified projects with strong defenses that thwart attackers. At present, these tools are especially relevant for high-profile targets such as government facilities, financial institutions, and research firms. Recent attacks targeting critical infrastructure—and, by extension, civilians—show that now is the time for deception technology.

Deception technology meets many security program requirements by delivering highly accurate alerts, reducing the volume of low-value alert traffic. Users of deception technology report that they are 12 times faster at responding to a deception-based alert than to other alerts, which translates to significant cost savings for organizations. However, organizations will still need a security analyst to interpret the data from their deception-based security tools, so smaller companies without specialized staff typically would not be able to tap into the benefits of this technology. That being said, SMBs can still utilize deception in some fashion by contracting with security vendors that provide analysis and protection as a service.

On average, companies take nearly 200 days to realize there’s been a successful breach in their network, which is far too long. With the primary goal of early threat detection and reducing the security team’s spending, deception technology is worth consideration. We will keep you updated on any enhancements in the deception technology world.
