How To Defeat Attackers With Deception Technology

By Steve Cobb, CISO, One Source

As we have seen in the last few weeks, major vulnerabilities are being announced daily. Cisco just released 10 critical vulnerabilities, Microsoft released a potentially devastating DNS vulnerability and Twitter’s verified accounts were hacked, just to name a few. The pandemic and transition to remote working have “refreshed” old vulnerabilities as companies try to offer convenience to remote workers and bypass their normal due diligence. Data breaches are impacting more and more businesses, and the cost and reputational damage of a data breach can be detrimental, with the potential to put companies out of business.

Challenges in Protecting Against a Data Breach

There are several challenges companies face when aiming to protect their data. Many organizations that are using security tools are using several different technologies across several different locations. These different technologies are often siloed – meaning multiple teams are looking at different tools that fall under different departments. This diversification of security tools amongst different departments makes it challenging to detect a breach, let alone respond to one. In addition, these technologies are noisy, firing off alerts on a regular basis, which makes it hard to differentiate good alerts from bad. This noise reduces the effectiveness of breach detection, as real alerts go unnoticed. False positives are another huge challenge for organizations to overcome. Most organizations tune these security tools in an attempt to weed out false positives; however, this results in the inability to catch internal threat actors who are using their permissions and access to extract data from their organization.

Why Use Deception Technology

Deception Technology can provide a low-cost, efficient method of determining if an internal or external breach is in progress. When deception technology that has been implemented correctly raises an alert, you can be assured that false positives have been eliminated and the alert is real. These technologies can surveil a threat actor while they are going about their business and capture those interactions for enhanced defenses and threat intelligence. This threat intelligence can help an organization understand who is targeting them, and how, by gathering the tactics, techniques, and procedures (TTPs) of an attacker. For an MSSP, like One Source, it allows us to build out rules and protections for our clients from real and current data. These high-quality alerts allow organizations to enhance their prevention and defenses more effectively.

How to Take Advantage of Threat Intelligence

Deception Technology results in high-quality alerts and threat intelligence specifically tailored for your organization. But how do you make the most of this information? Below are 4 tips to optimize information received from a Deception Technology:

  1. Know your threat profile. What is the most critical data in your environment and where does it live? What would be attractive to an attacker? Do everything you can to protect these environments and work outward from there.
  2. Operationalize the data as quickly as possible. When threat intelligence is realized, ensure your systems are built to utilize the data as quickly as possible to protect and defend your organization.
  3. Look for intelligence that helps you anticipate threats. Be proactive instead of reactive in your approach by using the Deception Technology intelligence gathered to build rules that are specific to the TTPs of attackers targeting your organization. This intelligence can also come from 3rd party information that accompanies the deception technology.
  4. Partner with an MSSP. If you don’t have the knowledge in-house or the resources to deploy deception technology, using an MSSP that can fully manage the process will help optimize your organization’s spend and resources.

Deception Technology can greatly increase your ability to protect your organization from the ever-increasing data breaches. You can dive deeper into how deception technology can provide early detection of a breach and significantly improve an organization’s capabilities to quickly and accurately defeat attackers in our FREE On-Demand webinar, “The Advantage Of Deception Technology to Detect A Data Breach” put on by BrightTALK in their virtual event – Security in the Age of Malware.
