Cyber Defense Magazine Global Edition for 2019

More documents

Recommendations

Info

Much has quietly evolved with deception technology over the last few years as it quietly established its presence within business, OT, and government networks as a primary innetwork threat visibility and detection control. The technology has seen marquis coverage at Gartner Security Summits, keynotes and panels at CISO-focused seminars and industry events. By using deception to set traps and lures throughout a network, attacker dwell time is reduced, company-centric threat intelligence gathered, and incident response automated. Although customers remain tight-lipped about their use of the technology, industry surveys reveal that deception technology is the number 2 priority on CISOs lists of technologies being research, only slightly behind zero-trust solutions. Plus, users of deception technology are reporting an average of 5.5 days dwell time, a 90%+ improvement over the cited 78+ day industry average. A high confidence in detecting threats is recorded along with deception being listed as their top choice in security controls for accurately detecting insider threats, as compared to 13 other security solutions. Setting a trap for a criminal is a straightforward concept. However, there are some misconceptions that around believability, scalability and ease of operations that cybercriminals would like you to continue to believe. Commercial-grade deception technology addresses the critical requirements for being attractive, believable, and scalable as well as delivering capabilities that make it a far cry from merely being a fancy honeypot. Additionally, deception provides the unique ability to slow down an attacker by forcing them to decipher real from fake, question the reliability of their tools, and to impact the economics of their attack negatively. Let’s break down the technology changes and how it works. The primary use case for a cyber deception platform (CDP) centers on early detection. Specifically, deception detects attackers before they can move laterally off of their first system, spread throughout the network, or, compromise Active Directory. Deception starts with a mix of endpoint and network deceptions t and then add in additional application, and data deceptions designed to entice the attacker away from production assets. At Endpoints: Deception plays a valuable role in locking down the endpoint from lateral movement. It achieves this by placing deceptive credentials, file shares, and service redirections designed to lead attackers into the deception sandbox for observation, alerting, and recording. In Clouds: Deception adds another layer of detection to cloud environments, providing visibility and detection into unauthorized activity and misconfigurations. The solution alerts on unauthorized attempts to access storage buckets, exploit server less functions, steal sensitive data, or conduct malicious activity. In the Network: Organizations create digital landmines within their networks with decoy assets that appear identical to the Windows, MAC, Linux, and IoT devices present or as attractive documents or applications. Deception management servers can deploy as appliances on-premises, virtualized, or (AWS, Azure, GCP, Oracle Cloud, etc.). Machine-learning automates the deployment, management, and orchestration of the deception environment by learning the network based on the traffic it observes. Organizations are also using deception as a primary detection control for IoT networks because it is not reliant on logs, anti-virus software, or agents. IoT/ICS deception supports 38
a wide range of devices that include medical devices, printers, surveillance systems, energy substations, and more. Active Directory: In addition to providing Active Directory (AD) decoys, a modern innovation in deception adds attack prevention with the ability to intercept queries to AD, hide real data and system users, and insert deceptive results without interfering with production AD. This level of deception is a new and extremely valuable tool for a defender’s arsenal. Attack Path Visibility: Given the ability to learn the network, deception tools also provide visibility to misconfigurations and exposed credentials at the endpoints. This insight, not found in other vulnerability assessment tools, helps minimize risk by reducing the available attack surface and automating remediation of exposures. Fidelity-Alerts and Company- Specific Threat-Intelligence: Deception alerts have exceptional signal-tonoise-ratios since they activate on attacker engagement. Plus, the high-interaction deception environment gathers companyspecific threat intelligence by recording activities and policy violations and for safely studying the attack and collecting Tactics, Techniques, and Procedures (TTPs). Native integrations (firewall, SIEM, NAC, EDR, and orchestration tools) also extend existing security solution value and facilitate automated blocking, isolation, and threat hunting. accurate detection that requires minimal operational overhead. mMature organizations increase efficiencies in threat detection and investigation, as well as valuable context for triage. Advanced organizations achieve strategic advantages in building pre-emptive defenses, automating intelligence gathering and incident response playbook operations. Standards are also incorporating deception: • The National Institute of Standards and Technology (NIST) draft policy 800-171b recommending deception for High-Value Assets holding sensitive information. • The US Department of Energy granted funds to Pacific Northwest National Labs, in partnership with Attivo Networks to create a deeper level of deception for cyber-physical-systems. • The Global Cyber Alliance (GCA) AIDE Platform enables IoT Device manufacturers to test security, identify and mitigate global attack risks in conjunction with Attivo Networks. With the cyber battlefield moving inside the network, deception and the act of setting traps for one’s adversary has quietly taken its place within the security stack. It is accurate, nonintrusive, and reliably detects in areas and works in ways that other security controls simply do not. And don’t be deceived; although it is deceptively simple to operate, it is also deceptively lethal for both human and automated adversaries. Organizations of all sizes are benefitting from deception-based detection. Smaller organizations gain immediate value with 39
Page 1 and 2: 1
Page 3 and 4: Contents Secure Channels Delivers
Page 5 and 6: 5
Page 7 and 8: 7
Page 9 and 10: vast attack surface area. The growi
Page 11 and 12: Invisible = Undependable Why Visibi
Page 13 and 14: California’s Upcoming 1Privacy La
Page 15 and 16: What are the penalties under the ne
Page 17 and 18: Customer and other sensitive data n
Page 19 and 20: Advanced HiddenWasp Malware Stings
Page 21 and 22: capability to manage or co-manage t
Page 23 and 24: connections are protected for compl
Page 25 and 26: of business interruption. The iboss
Page 27 and 28: 9 Cybersecurity Metrics + KPIs to T
Page 29 and 30: About the Author How Security Score
Page 31 and 32: communicate with people on the othe
Page 33 and 34: Improving Workforce Engagement in a
Page 35 and 36: • provide availability of applica
Page 37: To Catch a Criminal, Set a Trap Cyb
Page 41 and 42: Maximizing Efficiency by Meeting Cy
Page 43 and 44: The Browser as a Common Operating E
Page 45 and 46: About the Author Karen Levy, VP of
Page 47 and 48: and operations collaboration. Over
Page 49 and 50: Fighting Fraud in Online Services w
Page 51 and 52: XTN goes global Nowadays, we are ap
Page 53 and 54: processes to get right. Unlike pure
Page 55 and 56: About the Author Volkan Erturk, CEO
Page 57 and 58: down a document's processing in ord
Page 59 and 60: 59
Page 61 and 62: Anti-Malware PC Matic Inc. Leader A
Page 63 and 64: Chief Technology Officer of the Yea
Page 65 and 66: Cyberspace Operations Service Provi
Page 67 and 68: Email Security and Management Trust
Page 69 and 70: Malware Analysis Intezer Most Innov
Page 71 and 72: Risk Management SecurityScorecard B
Page 73 and 74: Telecoms Fraud Protection Trustonic
Page 75 and 76: 75
Page 77 and 78: 77

Cyber Defense Magazine Global Edition for 2019

Create successful ePaper yourself

Delete template?

Save as template?