Cybersecurity: What is deception technology?

By Assaf Egozi; Foreword by Aimee Bacallan

Believing that cybersecurity is a shared responsibility within the financial services industry, B-Hive is actively leveraging key stakeholders in its network for its CyberHive program.

One of the key technologies we are looking into with the CyberHive program is deception technology.

CyberHive program lead, Assaf Egozi, weighs in on the advantages of this emerging security technology that is proven to provide real-time breach detection and prevention and offers significant advantages over traditional security systems.

Below is an extract of in-depth research we conducted on behalf of CyberHive with experts in the space of deception technologies. If you’d like to receive access to the research, please contact us.
 


Deception is not a new concept in security. In fact, the common term “honeypots” pre-dates IT security and traces its origins to human intelligence (good old classic spies, otherwise known as HUMINT) activities.

Technological deception techniques have been part of a variety of enterprise security technologies and security programs since as early as 1986 (Cliff Stoll, “The Cuckoo’s Egg”), most notably those of government entities such as the US Department of Defense.

The use of honeypot sensors as a detection measure has often been a security practitioner's dream, yet has been unattainable because the honeypot sensors of the past had limitations and management complexity:

  • Easy for skilled attackers to fingerprint and avoid
  • Attackers’ ability to abuse a compromised system
  • Limited emulation services
  • No ability to engage and understand the true intent of the attacker
  • Limited to capturing mostly known activity
  • Not easily scalable
  • No management user interface

Therefore, traditional low-interaction honeypots were predominantly used to detect mass network scanning (brute force, scanners) and to track worms, rather than to detect advanced and methodical attacks.

However, the techniques delivered by today’s deception solutions offer a substantial set of new capabilities, specifically designed to support organizations facing advanced threats.

With the evolution of virtualized environments and centralized security solutions, honeypots began to be based on full operating systems and evolved toward greater automation, more suitable for widespread deployment across complex enterprise networks. This is where the cross-over from traditional honeypots to the new generation of deceptions begins.

Today’s deception technologies, deployed as part of security solutions, use both virtualized and real endpoint decoy systems, as well as network services, protocols, applications or fake data elements.

In this new class of security solutions, distributed decoy systems are used to portray deception across multiple layers of interaction with attackers. Each of these layers and data elements serves as a deceptive lure and aids in the deception, disruption and/or misdirection of an attacker.
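As an added illustration (not part of the original article or of any deception product), the sketch below shows why decoys spread across several layers give high-fidelity detection: legitimate users have no reason to touch them, so every interaction is an alert, and touches on several layers by one source can be correlated. The decoy inventory, the event format and the severity rule are assumptions made for this example.

```python
from collections import defaultdict

# Hypothetical decoy inventory: assets no legitimate user or process should touch.
DECOYS = {
    "host": {"10.20.0.50", "10.20.0.51"},                    # decoy endpoints
    "credential": {"svc_backup_old"},                        # decoy account left as a lure
    "file": {"/srv/share/finance/payroll_archive.xlsx"},     # fake data element
}

# Constructed sample events, already normalized to (time, source, layer, target).
EVENTS = [
    ("09:00:01", "10.1.4.17", "host", "10.1.9.9"),           # real server, ignored
    ("09:02:13", "10.1.4.23", "host", "10.20.0.50"),
    ("09:02:40", "10.1.4.23", "credential", "svc_backup_old"),
    ("09:03:05", "10.1.4.17", "credential", "alice"),        # real account, ignored
    ("09:05:59", "10.1.4.23", "file", "/srv/share/finance/payroll_archive.xlsx"),
    ("09:07:30", "10.1.4.88", "host", "10.20.0.51"),
]


def decoy_alerts(events, decoys=DECOYS):
    """Group decoy interactions by source and rate them by layers touched."""
    hits = defaultdict(list)
    for ts, src, layer, target in events:
        # Only interactions with a known decoy on that layer count as a hit.
        if target in decoys.get(layer, ()):
            hits[src].append((ts, layer, target))

    alerts = {}
    for src, touched in hits.items():
        layers = sorted({layer for _, layer, _ in touched})
        alerts[src] = {
            "first_seen": min(ts for ts, _, _ in touched),
            "layers": layers,
            # Assumed rule for this example: one layer is "medium",
            # the same source on several layers is "high".
            "severity": "high" if len(layers) > 1 else "medium",
            "timeline": touched,  # ordered record of what the source did
        }
    return alerts


if __name__ == "__main__":
    for src, alert in sorted(decoy_alerts(EVENTS).items()):
        print(src, alert["severity"], alert["layers"], alert["first_seen"])
```

The timeline kept per source is what supports the information-gathering goal: it records which lures were taken and in what order.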

So, why use deception technology? Modern deception technology offers some advantages over traditional endpoint and network security systems: you can enhance detection capabilities, slow down an ongoing attack and gather information about the attacker and their tools and tactics.

Curious to learn more about deception technology and cybersecurity? Don’t forget to get your tickets for our upcoming Fin & Tonic on cybersecurity – October 26 at 6 pm at the B-Hive offices in Diegem.