We’re big fans of the SANS team, and specifically of Lenny Zeltser. It’s gratifying then, to see him discussing deception and active defence in his recent series of blog posts, and we highly recommend reading his history of deception in computer security.
Lenny Zeltser is right about deception and active defence on all account. Here, we’d like to extend a couple of his main arguments:
- Thinking asymmetrically
Cyber-security has always been a form of asymmetric warfare. The defenders have expensive, monolithic defences, are slow to adapt, and are hampered by ‘terrain’ such as geographical boundaries. The attacker are quick to change tactics, rely heavily on deception, and make use of terrain. This is guerilla warfare, and only an asymmetrical defence will yield results.
- Support costs of honeypots
Honeypots in the traditional sense are expensive to deploy and difficult to maintain. They also increase attack surface for an attacker. However, virtual decoys solve all these problems. They are easy to deploy, administer and monitor, and they do not create vulnerabilities.
When you integrate decoys and active defence into the fabric of the environment, you asymmetrically turn the tables on even the most advanced attackers. They are human after all.
The pragmatic security leader’s guide to deception technologyWhen evaluating deception technology, look at three key components of the solution to ascertain how effective it will be in your environment – visibility, realism, and fingerprintability.By Sudarshan Pisupati
Using deception to shield the insurance sectorInsurance companies are under siege from cyberattacks. We take a look at some of the key pieces of an insurer’s infrastructure the adversaries target and how you can use deception to build active defenses.By Sudarshan Pisupati
Finding active defense opportunities in a pentest reportPentest reports tell a story. By asking why a pentester made certain choices, you can find opportunities to influence attacker behavior and actively defend your network.By Sudarshan Pisupati
- Detect zero-days, APTs, and insider threats
- 10x the detection capabilities with 1/2 the team
- Get started in minutes, fully functional in hours