The art of deception:Prevent cyberattacks before they happen

The cadence and impact of cyber attacks are greater than ever, and enterprises are under pressure to defend their networks and systems against security incursions by increasingly sophisticated and well-equipped hackers.

Because traditional cyber tools are static and modular in nature, enterprises that are overly dependent on them risk a detection gap should attackers gain a foothold inside their networks. The result is that CSOs can no longer bank on perimeter defences to keep the bad guys out, necessitating more sophisticated solutions as part of a multi-layered strategy.

One well-established approach is to catch hackers in the act is using a honeypot, first introduced almost two decades ago. By emplacing seemingly important systems just outside the core network as bait, security administrators can step back and wait for the decoy to be engaged. Attackers are hence diverted from mission-critical systems, while attempts to communicate or otherwise interface with such systems can automatically be construed as hostile in nature – exposing the miscreants.

There are inherent limitations to this approach, however, as honeypots are ultimately a detection-only tool designed with elimination in mind. They lack scalability in today’s network topologies and often do not match the operating environments and services of the organisations they are deployed in. But they are a complimentary cyber defence tool when deployed alongside other detection technologies.

Deception technology seeks to plug the gaps in honeypot technology by moving away from a detection-only approach to defending against modern threat vectors including advanced persistent threats (APTs) and ransomware. It is also capable of addressing traditional security bugbears such as slow threat reaction and mitigation.

Deception technology also has the ability to interact with other third party security solutions such as next-generation firewalls, advanced endpoint protection tools and security incidents and events management platforms; providing defence in depth.

Another key anchor in deception technology is the use of automation that can automatically map network assets and services to dynamically create decoys to confuse and misdirect attackers. Deception technology has much greater reach including the ability to assess the most likely attack paths through the corporate network.

Complimenting honeypots, deception technology can go a step further to create a trail of lures that will attract the attention of hackers. Notably, its sophistication means that it is possible to configure multiple deception layers to entrap hackers, or otherwise induce them to expend resources towards fake assets that dramatically increases the chances of them revealing themselves.

And lures are seeded not just in the corporate information technology (IT) network, but also operational technology (OT) environment containing within manufacturing or production machines. This is monitored from a central threat monitoring platform, which is immediately alerted to the compromise of decoys for greatly reduced time-to-detection.

It is easy to see why enterprises are turning to deception technology to gain an advantage over attackers in today’s dynamic and volatile threat landscape. Indeed, analyst firm ReportLinker notes that detection and response is a top security priority for organisations, with detection technology market sector projected to reach US$2.59 billion by 20251.

Singtel’s Managed Deception and Detection Service leverages the core tenets of deception technology, paired with an accelerated incident response team to help enterprises address the unique challenge and dangers of modern threats. The technology is deployed on the corporate network, with deception-based adaptive defence, orchestration and response automation customised to each organisation.

When an attack is detected, automated incident handling takes place based on pre-agreed playbook rules for rapid threat mitigation using detection technology and other integrated third party security solutions. At the same time, the team in Singtel’s Advanced Security Operations Centre (ASOC) is alerted and can simultaneously conduct a forensics analysis for accelerated incident response while leads are still hot.

In the meantime, updates are delivered to a user-friendly customer portal that is integrated with Security Information and Events Management (SIEM) data sources and other system logs for round-the-clock visibility into the network’s current security posture. Enterprises thus have a holistic, real-time view of the state of their digital assets and have access to a variety of reports showing security incidents as they happen.

You can read more about Singtel’s Managed Deception and Detection Service here. Or, speak with our cyber security advisor.

1 Deception Technology Market Analysis & Trends, November 2016