
FinTech Journal: Article

Intelligent Deception and #CyberSecurity | @CloudExpo #AI #ML #DL #Analytics

In this climate of confusion, deception-based solutions offer a viable and proven way to stop attackers in their tracks

Top 5 Reasons Why Security Teams Love Intelligent Deception

Cyberattacks are relentless. The pace of attacks shows no sign of slowing, and organizations understand that 100 percent prevention of attacks is not possible. Traditional prevention and detection techniques are falling short, and security professionals are scrambling for new paradigms that can more effectively detect attacks and mitigate the growing levels of damage.

In this climate of confusion, deception-based solutions offer a viable and proven way to stop attackers in their tracks. Why? Because instead of sitting back and waiting to be the victim, deception technologies let organizations be proactive and take the attack to the attacker. We've compiled a list of the top five reasons why more security teams are opting for deception:

1. Malware Agnostic
Today's cyber defenses are centered around prevention. Yet next-generation firewalls, DLP and antivirus products all depend on signatures and reputation data to do their job, so a threat they don't recognize is a threat they can't stop. This is why we see so many data breaches at companies that have invested heavily in security: threats keep changing, and organizations are being hit with attacks that have never been seen before.

Deception, on the other hand, is a defense paradigm that is completely attack-agnostic. There is no need to define in advance which specific attack is underway. Operating under the assumption that attackers have already breached the network, deception solutions set traps, lures and fake data to detect and stop both human and automated attackers.

With intelligent deception technologies, a piece of software or a user is judged malicious by what it does: it trips a trap that no legitimate user or process has any reason to touch. Once an intruder is detected, the deception layer alerts the security team while profiling the threat. Using this approach, organizations can significantly shorten breach-to-resolution time and spend analyst effort on incidents that are real.

2. Attack Interference
Intelligent deception not only lures attackers to decoys, it also serves to slow down attacks and keep the attackers engaged with decoy systems instead of roaming and causing harm to the network. Decoys engage attackers and keep them occupied in a number of ways, such as:

  • Throttling or speeding up the decoy's TCP stream to control the pace of the interaction (the classic tarpit).
  • Allowing password guessing so the attacker keeps trying. For instance, a decoy can be preset to decline the first six attempts and accept the seventh, regardless of the string that was typed in.
  • Feeding the attacker large files, even ones the attacker never requested, to keep the session open and the tooling busy.
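The engagement tricks above are straightforward to build. The following is an added example, not code from the article or from TopSpin: a small Python decoy login service whose policy rejects every password until the seventh attempt, lengthens its response delay with each guess, and on "success" streams a large file the attacker never asked for. The port, banner, attempt threshold and delay values are assumptions chosen for illustration.

```python
"""Decoy login service that engages an attacker rather than just refusing.

Added example, not TopSpin's code. The three engagement tricks are plain
policy functions so they can be exercised without a network; a minimal TCP
wrapper at the bottom runs them interactively. Port, banner, the
'accept on the seventh attempt' threshold and the delays are assumptions.
"""
import os
import socketserver
import time
from collections import defaultdict

ACCEPT_ON_ATTEMPT = 7          # assumed: decline 6 guesses, let the 7th in
BASE_DELAY = 0.5               # assumed: seconds of tarpit per response step
FAKE_FILE_BYTES = 8 * 1024 * 1024


class EngagementPolicy:
    """Per-source attempt counting; decides accept/reject and how slowly to reply."""

    def __init__(self, accept_on=ACCEPT_ON_ATTEMPT, base_delay=BASE_DELAY):
        self.accept_on = accept_on
        self.base_delay = base_delay
        self.attempts = defaultdict(int)
        self.events = []        # what the decoy would forward to the SOC

    def login(self, src_ip, username, password):
        """Return (accepted, delay_seconds). The password is never checked:
        every string is rejected until the Nth attempt, which is accepted."""
        self.attempts[src_ip] += 1
        n = self.attempts[src_ip]
        accepted = n >= self.accept_on
        # Tarpit: each guess is answered a little more slowly, capped at 10x.
        delay = self.base_delay * min(n, 10)
        self.events.append({
            "src": src_ip, "user": username, "pw": password,
            "attempt": n, "accepted": accepted,
        })
        return accepted, delay


def fake_file_chunks(size=FAKE_FILE_BYTES, chunk=64 * 1024):
    """Stream a large, random-looking 'document' the attacker did not request.
    Keeps the session open and the attacker's tooling busy."""
    sent = 0
    while sent < size:
        n = min(chunk, size - sent)
        yield os.urandom(n)
        sent += n


class DecoyHandler(socketserver.StreamRequestHandler):
    """Line-based 'login' decoy: username line, password line, then a fake dump."""
    policy = EngagementPolicy()

    def handle(self):
        src = self.client_address[0]
        self.wfile.write(b"backup-srv-02 login: ")
        user = self.rfile.readline().strip().decode(errors="replace")
        self.wfile.write(b"Password: ")
        pw = self.rfile.readline().strip().decode(errors="replace")
        accepted, delay = self.policy.login(src, user, pw)
        time.sleep(delay)               # slow the interaction at the TCP level
        if not accepted:
            self.wfile.write(b"Login incorrect\n")
            return
        self.wfile.write(b"Welcome. Syncing backup catalog...\n")
        for block in fake_file_chunks():
            self.wfile.write(block)


if __name__ == "__main__":
    # Assumed port; run it and poke it with `nc 127.0.0.1 2223`.
    with socketserver.ThreadingTCPServer(("127.0.0.1", 2223), DecoyHandler) as srv:
        srv.serve_forever()
```

Every attempt, accepted or not, is recorded in `policy.events` with the source, the username and the guessed password; that record is what makes the decoy worth running, because the guessed strings often reveal which real credentials the attacker already holds.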

3. Enriched Threat Intelligence
The deception approach allows security teams to take the initiative, proactively developing intelligence that helps find the attacker's communication channels, understand how the connection was established, find out which protocols were used, and more. Some of the more advanced deception solutions employ traffic analysis engines both to place their traps strategically and to gather additional information about network threats.

By combining data from decoys, traps, traffic analysis and other active detection tools, deception platforms can feed and enrich SIEM/SOC systems, helping organizations build comprehensive threat maps from real data in real time. The threat intelligence and visibility gained by drawing the attacker in, rather than simply repelling the attack, give an understanding of the attacker's goals, which helps prevent not only this attack but future ones. This is how organizations take the attack to the attacker.

4. Minimizes False Positives
Alert fatigue and the tedious analysis needed to rule out false positives are two of the biggest challenges facing cyber defenders. The former leads to a "boy who cried wolf" mentality that puts the organization at risk once security teams start ignoring alarms because they cannot keep up with the wave of alerts. The latter is frustrating because classifying an event as a false positive takes considerable analysis and the collection of corroborating data from a wider pool of sources.

Deception solutions offer relief from this labor-intensive paradigm. Decoys trigger few false positives because legitimate traffic shouldn't go near them in the first place. The exceptions are predictable and should be handled up front: authorized vulnerability scanners, asset-discovery tools and misconfigured services will touch decoys, so their sources need to be allow-listed or tagged rather than treated as intrusions. False positives are further reduced by higher levels of interaction between the decoy and the attacker, and by correlating findings with other sensors in the network. Advanced intelligent deception platforms with integrated traffic analysis run internal correlation across the deception and monitoring layers to push alert accuracy higher still. With far fewer false alarms, the security team can concentrate on real incidents instead of tuning and triage.
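How the enrichment described under reason 3 and the correlation under reason 4 can look in practice, as an added example that is not part of the article and not any vendor's code: two constructed log feeds (decoy-interaction events and per-source flow summaries from a traffic-analysis sensor) are joined by source address, an allow-list suppresses the authorized vulnerability scanner, a confidence score is raised when the same source also shows a scan footprint or has touched more than one decoy, and each surviving finding is emitted as a CEF line for the SIEM. All hostnames, addresses, field names, thresholds and the CEF vendor/product strings are assumptions.

```python
"""Correlating decoy hits with traffic-analysis records before raising a SIEM alert.

Added example, not from the article or any vendor. A decoy hit is already a
high-signal event; this code adds context (which decoys, which protocols,
which usernames were tried) and evidence from a flow sensor, and drops
sources on an allow-list of authorised scanners. Everything in the sample
logs is constructed for illustration.
"""
import json
from collections import defaultdict

# Constructed sample: what a decoy layer and a flow sensor might log.
DECOY_LOG = """\
{"ts":"2017-03-02T10:14:01Z","decoy":"fileshare-dc01","src":"10.20.5.77","proto":"smb","event":"auth","user":"svc_backup","ok":false}
{"ts":"2017-03-02T10:14:09Z","decoy":"fileshare-dc01","src":"10.20.5.77","proto":"smb","event":"auth","user":"Administrator","ok":false}
{"ts":"2017-03-02T10:15:30Z","decoy":"db-decoy-3","src":"10.20.5.77","proto":"mysql","event":"query","user":"root","ok":true}
{"ts":"2017-03-02T10:20:00Z","decoy":"fileshare-dc01","src":"10.20.9.4","proto":"smb","event":"connect","user":"","ok":true}
{"ts":"2017-03-02T10:31:12Z","decoy":"db-decoy-3","src":"10.20.7.15","proto":"mysql","event":"auth","user":"app","ok":false}
"""
FLOW_LOG = """\
{"ts":"2017-03-02T10:13:00Z","src":"10.20.5.77","dst_hosts":184,"dst_ports":6,"bytes_out":91000}
{"ts":"2017-03-02T10:19:00Z","src":"10.20.9.4","dst_hosts":1200,"dst_ports":1000,"bytes_out":4000000}
{"ts":"2017-03-02T10:30:00Z","src":"10.20.7.15","dst_hosts":3,"dst_ports":2,"bytes_out":2100}
"""
AUTHORISED_SCANNERS = {"10.20.9.4"}      # assumed: the vulnerability scanner
SCAN_HOST_THRESHOLD = 50                 # assumed: >50 distinct hosts = sweep


def parse_jsonl(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def correlate(decoy_events, flow_records, allowlist=AUTHORISED_SCANNERS):
    """Group decoy hits by source and enrich each group with flow evidence."""
    by_src = defaultdict(list)
    for ev in decoy_events:
        by_src[ev["src"]].append(ev)
    flows = {f["src"]: f for f in flow_records}
    findings = []
    for src, events in by_src.items():
        if src in allowlist:
            continue                     # known scanner: expected to touch decoys
        flow = flows.get(src, {})
        touched = sorted({e["decoy"] for e in events})
        scanning = flow.get("dst_hosts", 0) > SCAN_HOST_THRESHOLD
        # Decoy contact is the primary signal; lateral spread across decoys
        # and a scan footprint each add confidence.
        score = 60 + 15 * (len(touched) - 1) + (20 if scanning else 0)
        findings.append({
            "src": src,
            "decoys": touched,
            "protocols": sorted({e["proto"] for e in events}),
            "users_tried": sorted({e["user"] for e in events if e["user"]}),
            "first_seen": min(e["ts"] for e in events),
            "scan_footprint": scanning,
            "confidence": min(score, 100),
        })
    return sorted(findings, key=lambda f: -f["confidence"])


def to_cef(finding):
    """Common Event Format line, a shape most SIEMs ingest directly."""
    ext = (f"src={finding['src']} cs1Label=decoys cs1={','.join(finding['decoys'])} "
           f"cs2Label=usersTried cs2={','.join(finding['users_tried'])} "
           f"app={','.join(finding['protocols'])} start={finding['first_seen']}")
    severity = 10 if finding["confidence"] >= 90 else 7
    return f"CEF:0|ExampleCo|DeceptionLayer|1.0|decoy_contact|Decoy interaction|{severity}|{ext}"


def run(decoy_text=DECOY_LOG, flow_text=FLOW_LOG):
    return [to_cef(f) for f in correlate(parse_jsonl(decoy_text), parse_jsonl(flow_text))]


if __name__ == "__main__":
    print("\n".join(run()))
```

On the constructed data, 10.20.5.77 touched two decoys over SMB and MySQL while sweeping 184 hosts, so it lands at confidence 95 and CEF severity 10; 10.20.7.15 made a single failed MySQL login with no scan footprint and is reported at 60; the scanner 10.20.9.4 is never alerted on even though it connected to a decoy. In real use the CEF header fields must have `|` escaped and the extension must have `=` and `\` escaped; the sample values contain none of those characters, so the code above does not handle them.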

5. Easy to Deploy & Manage
Current deception solutions are far more advanced than the clunky honeypots of a decade or two ago, and deploying them is simple and fast. Intelligent deception is built from decoys and mini-traps, otherwise known as breadcrumbs or lures. The lures are placed on endpoints and servers and lead back to the decoys, so an attacker who harvests a planted credential or connection record ends up on a system that exists only to catch them. In advanced deception-based solutions, components are deployed through point-and-click configuration, which largely automates the rollout of phantom decoys and networks. Solutions with integrated traffic analysis use it to place traps and decoys where they will be most effective, and to adjust the deception layer dynamically as the network and threat environments evolve. Coupled with deception's accuracy and low false-positive rate, this ease of configuration and management lets organizations benefit from the technology without increasing headcount.
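One way breadcrumbs can lead back to a decoy and also tell the responder which endpoint they were harvested from, as an added example that is not the article's or TopSpin's design: each endpoint receives a lure credential whose password is an HMAC over the hostname, so a decoy that later sees that credential can both verify it is a genuine lure and name the endpoint the attacker took it from, which is usually not the address the attacker is now connecting from. Hostnames, the decoy address, the master secret and the config-file format are assumptions.

```python
"""Per-endpoint breadcrumbs that lead to a decoy and identify where they were taken.

Added example, not from the article or any vendor. The lure password is
keyed to the endpoint name with HMAC-SHA256, so lures cannot be forged or
enumerated without the master secret, and attribution is a constant-time
comparison on the decoy side. All names and the secret are assumptions.
"""
import hashlib
import hmac

SECRET = b"assumed-deception-master-key"   # assumed; kept on the platform, never on endpoints
DECOY_HOST = "10.20.0.250"                  # assumed address of the decoy service


def make_lure(endpoint, secret=SECRET):
    """Credential to plant on `endpoint`. The username looks routine; the
    password is derived from the endpoint name so the decoy can attribute it."""
    tag = hmac.new(secret, endpoint.encode(), hashlib.sha256).hexdigest()[:24]
    return {
        "endpoint": endpoint,
        "username": "svc_backup",
        "password": f"Bk{tag}!",
        "target": DECOY_HOST,
    }


def render_breadcrumb(lure):
    """A plausible artefact to drop on the endpoint: a leftover backup-agent config."""
    return (
        "[backup]\n"
        f"server = {lure['target']}\n"
        f"user = {lure['username']}\n"
        f"password = {lure['password']}\n"
    )


def attribute(password, known_endpoints, secret=SECRET):
    """Run by the decoy on every login attempt: return the endpoint whose lure
    this password came from, or None if it is not one of ours."""
    for ep in known_endpoints:
        expected = make_lure(ep, secret)["password"]
        if hmac.compare_digest(expected, password):
            return ep
    return None


def decoy_login_event(src_ip, username, password, known_endpoints, secret=SECRET):
    """What the decoy reports: the attacker's current source address plus, when
    the credential is one of our lures, the endpoint it was planted on. The two
    differ once the attacker has pivoted, and both are useful to the responder."""
    origin = attribute(password, known_endpoints, secret)
    return {
        "src": src_ip,
        "username": username,
        "lure": origin is not None,
        "harvested_from": origin,
        "target": DECOY_HOST,
    }


if __name__ == "__main__":
    fleet = ["ws-finance-17", "ws-hr-03"]
    for host in fleet:
        print(f"--- breadcrumb for {host} ---")
        print(render_breadcrumb(make_lure(host)))
    stolen = make_lure("ws-finance-17")["password"]
    print(decoy_login_event("10.20.5.77", "svc_backup", stolen, fleet))
```

Because every lure is unique per endpoint, a single decoy login pinpoints the compromised machine without any endpoint agent reporting in, and because the derivation is keyed, an attacker who finds one breadcrumb cannot recognise or generate the others. Rotating the secret invalidates all planted lures at once, so rotation has to be paired with a redeploy of the breadcrumbs.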

The Bottom Line
The rising tide of cyber threats and the failure of traditional security paradigms to address them have created a perfect storm of cyberattacks. Deception is one of the few solutions that can break this cycle in an effective and cost-effective way - shutting down attacks before they cause damage, and letting network security professionals go on the offensive against attackers.

About the Author

Doron Kolton, founder and CEO of TopSpin, is a 25 year veteran of the data security market. Prior to founding TopSpin Security in 2013, he was in charge of web application firewall (WAF) development as VP of Product & Engineering of Breach Security, a position he continued to hold after the company was acquired by Trustwave.
