Doron has held executive and management roles in cyber security and software development for over 25 years. He now serves as CTO for Deception at Fidelis Cybersecurity. Doron founded TopSpin Security...
Deception is becoming a critical part of organisations’ security infrastructure. According to Gartner, the need for better detection and response is creating new opportunities for security stack automation, integration, consolidation and orchestration, while also driving the emergence of new segments like deception.
These trends set up the perfect match of deception and automated detection and response, or ADR.
The Main Goals of Modern Deception are to:
Following the compromise of assets in an organisation, attackers start their reconnaissance phase. They search the affected assets for valuable information and for clues about where the data they want lives in the environment. Attackers look across endpoints, networks and different devices as they try to move laterally through the environment. The deception layer intervenes in this reconnaissance phase, luring and deceiving the attackers and detecting their activities very early in the kill chain, before damage is caused to the organisation and before the attackers can reach their objective.
When done properly, deception has clear advantages:
Automation of Deception Deployment and Maintenance
There are several challenges that need to be handled when deploying deception technology, including:
Key considerations for the configuration and maintenance of an effective deception network are listed below. Every organisation implementing deception faces these considerations and challenges. Only an integrated ADR + Deception solution deals with them effectively:
The right methodology for dealing with the above challenges is to deploy and maintain the deception, in its various embodiments, automatically. Nothing less will overcome the challenges listed above.
Knowing the environment and having visibility is crucial to setting up deception technology. In many cases the security team does not have all the relevant information about the environment, especially when the environment is constantly changing.
Automated Environment Visibility & Analysis
The first step starts by automatically identifying and profiling the networks, the assets, the applications and all other parameters of the environment.
The core of deception management is analysing the profiled information and applying different criteria to define the deception layers that match the organisation's resources. This creates persuasive decoys that will effectively thwart and confuse attackers.
Automated Decoy Creation
The solution will then automatically build the deception components, define the right network locations for the deception and distribute the deception across the network, preferably with minimal resources, i.e. one appliance will be able to support multiple decoys on different subnets, running different operating systems and different applications.
As the network and the resources in the organisation are changing, the deception solution will constantly continue the identification and profiling, adapting the deception to match the changes in the organisation.
The deception deployment process provides security teams with immense security and visibility, while supporting both hunting efforts and forensic activities. As part of the visualisation, the solution gives administrators a clear view of how the deception layers cover and match the organisation's resources, i.e. what resources the organisation has and how well the deception deployment covers them. This is important in order to assess how well the deception already deployed fits the organisation and what actions should be taken to complete the deception deployment.
To conclude, taking an automated approach to deception deployment and maintenance guarantees that the organisation's resources are utilised efficiently while raising the level of the organisation's security maturity.
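As an added illustration of the coverage view described above (example code, not Fidelis' product or the author's), the following Python takes a constructed asset inventory and decoy list, profiles each subnet by the (OS, application) combinations it exposes, reports how much of that profile the deployed decoys mirror, and lists the decoys needed to close the gaps. The /24 subnet assignment and all inventory values are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample inventory (hypothetical values, not from the article).
ASSETS = [
    {"ip": "10.1.0.11", "os": "windows", "apps": ["smb", "rdp"]},
    {"ip": "10.1.0.12", "os": "windows", "apps": ["smb", "rdp"]},
    {"ip": "10.1.0.13", "os": "windows", "apps": ["smb"]},
    {"ip": "10.1.0.20", "os": "linux", "apps": ["ssh"]},
    {"ip": "10.2.0.5", "os": "linux", "apps": ["ssh", "http"]},
    {"ip": "10.2.0.6", "os": "linux", "apps": ["ssh", "http"]},
]
# Decoys already deployed (also constructed).
DECOYS = [
    {"ip": "10.1.0.250", "os": "windows", "apps": ["smb", "rdp"]},
]

def subnet_of(ip, prefix=24):
    """Assumes plain /24 subnets; a real profiler would take this from the network inventory."""
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def profiles(hosts):
    """Map subnet -> set of (os, app) profiles observed on that subnet."""
    seen = defaultdict(set)
    for h in hosts:
        for app in h["apps"]:
            seen[subnet_of(h["ip"])].add((h["os"], app))
    return seen

def coverage_report(assets, decoys):
    """Per subnet: fraction of real (os, app) profiles mirrored by a decoy, and which are missing."""
    real, fake = profiles(assets), profiles(decoys)
    report = {}
    for subnet, combos in real.items():
        covered = combos & fake.get(subnet, set())
        report[subnet] = {
            "coverage": round(len(covered) / len(combos), 2),
            "missing": sorted(combos - covered),
        }
    return report

def suggest_decoys(assets, decoys):
    """Turn the gaps into concrete decoys to add: one per (subnet, os), carrying the missing apps."""
    wanted = defaultdict(list)
    for subnet, entry in coverage_report(assets, decoys).items():
        for os_name, app in entry["missing"]:
            wanted[(subnet, os_name)].append(app)
    return [{"subnet": s, "os": o, "apps": sorted(a)} for (s, o), a in sorted(wanted.items())]

if __name__ == "__main__":
    for subnet, entry in coverage_report(ASSETS, DECOYS).items():
        print(subnet, entry)
    print(suggest_decoys(ASSETS, DECOYS))
```

Re-running the report after each inventory refresh is the "constant identification and profiling" step: a new subnet or application shows up as a coverage drop and a concrete decoy suggestion.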
Doron Kolton, Chief Strategy Officer – Emerging Technologies at Fidelis Cybersecurity