
deception technology

Deception technology, commonly referred to as cyber deception, is a category of security tools and techniques designed to detect and divert an attacker’s lateral movement once they are inside the network. Deception technology enables defenders to identify a wide variety of attack methods without relying on known signatures or pattern matching.

The technology is known for issuing reliable alerts because any engagement with deceptive technology is by definition "unauthorized." In addition to obfuscating the attack surface and making it challenging for attackers to look around undetected, deception technology will also redirect the attacker to an engagement server that will gather intelligence about the attacker’s tools, methods and behaviors. Third-party integrations can be used to automate appropriate response actions, including isolation, blocking, and threat hunting.

Gartner predicts that by 2022, 25% of all threat detection and response projects will include deception features and functionality.

Growth of the Deception Technology market

Increased adoption of deception technology has stemmed from the need for scalable threat detection across a wide variety of attack surfaces, including:

  • Active Directory (AD)
  • software applications
  • virtual private clouds
  • Internet of Things (IoT)
  • SCADA
  • PoS systems

Breaches such as the SolarWinds incident have also brought to light the magnitude of the need for detecting lateral movement and privilege escalation.

Standards organizations are also embracing deception, with the National Institute of Standards and Technology (NIST) adding the technology to several recent guidelines. Similarly, the MITRE ATT&CK framework helps organizations understand how deception fits in their security stack to derail attack techniques and tactics – specifically around discovery, lateral movement, privilege escalation and collection.

How Deception Works

Once thought to be only for large organizations with mature security teams, deception platforms have evolved into a practical and effective solution for companies of all sizes.

Companies seek out cyber deception for comprehensive attack surface protection, early detection, and a better understanding of their adversaries. Deception platforms meet these needs through their deployment scalability, ease of use for operators and an ability to work seamlessly with security solutions already in place.

Unlike security information and event management (SIEM) solutions that use event logs to report what happened, deception proactively reports on what could happen. Deception relies on detecting attacker techniques rather than on signatures or pattern matching, which is also the source of its efficacy.

Deception technology will alert on early discovery, reconnaissance and privilege escalation activities. Defenders can set lures and decoys, hide production assets and misdirect attackers with disinformation that will derail their attack. The decoys mimic genuine IT assets throughout the network and run either a real or emulated operating system (OS). The decoys provide services designed to trick the attacker into thinking they have found a vulnerable system. The technology can also reduce the attack surface by finding and remediating exposed credentials that create attack paths.

Upon attacker interaction with a deceptive asset, the security team will receive a high fidelity, engagement-based alert with intelligence gathered about the attack. By gaining insight into the attacker’s tools, methods and intent, the defender will have the necessary knowledge to shut down the attack, strengthen overall defense strategies and level the playing field with their opponent.
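The engagement-based alerting described above, as an added illustration that is not part of the original article or of any vendor's product: decoy accounts and decoy hosts exist only as lures, so any authentication event that touches one is treated as an alert without any signature matching. The log format, decoy names and addresses are constructed for the example; the one caveat worth encoding is that the deception platform's own scheduled validation traffic must be excluded, or the "always unauthorized" property no longer holds.

```python
import re
from dataclasses import dataclass

# Constructed decoy inventory (hypothetical names, not from any real network).
# Nothing legitimate uses these, so any engagement with them is unauthorized.
DECOY_ACCOUNTS = {"svc_backup_legacy", "adm-finance-old"}
DECOY_HOSTS = {"10.0.9.23", "10.0.9.24"}

# The deception platform validates its own decoys on a schedule; that source is
# excluded so health checks never masquerade as attacker engagement.
PLATFORM_PROBE_SOURCES = {"10.0.9.1"}

# Constructed log format: "<timestamp> auth <success|failure> user=.. src=.. dst=.."
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>success|failure) "
    r"user=(?P<user>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+)$"
)

@dataclass(frozen=True)
class Alert:
    ts: str
    reason: str
    user: str
    src: str
    dst: str
    result: str

def detect_engagements(lines):
    """Return one high-fidelity Alert per log line that touches a decoy.

    Failed logins count too: a failed attempt with a decoy credential still
    proves the credential was harvested from wherever the lure was planted.
    """
    alerts = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unrecognised line; not this detector's concern
        f = m.groupdict()
        if f["src"] in PLATFORM_PROBE_SOURCES:
            continue
        reasons = []
        if f["user"] in DECOY_ACCOUNTS:
            reasons.append("decoy credential used")
        if f["dst"] in DECOY_HOSTS:
            reasons.append("decoy host contacted")
        if reasons:
            alerts.append(Alert(f["ts"], "; ".join(reasons), f["user"],
                                f["src"], f["dst"], f["result"]))
    return alerts

# Constructed sample log: one normal login, one platform probe, two engagements.
SAMPLE_LOG = [
    "2021-01-12T09:00:01Z auth success user=jdoe src=10.0.4.15 dst=10.0.2.7",
    "2021-01-12T09:00:05Z auth success user=svc_backup_legacy src=10.0.9.1 dst=10.0.9.23",
    "2021-01-12T09:14:22Z auth failure user=svc_backup_legacy src=10.0.4.15 dst=10.0.2.7",
    "2021-01-12T09:14:30Z auth success user=jdoe src=10.0.4.15 dst=10.0.9.24",
    "malformed line",
]

if __name__ == "__main__":
    for a in detect_engagements(SAMPLE_LOG):
        print(f"{a.ts} ALERT {a.reason}: user={a.user} src={a.src} dst={a.dst} ({a.result})")
```

Both alerts name the same source host, which is the kind of pivot point the article's engagement server and SOAR integrations act on (isolation, blocking, hunting).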

The attacker will also get an unclear picture of the attack surface, which will slow them down, force them to make mistakes, expend additional resources and negatively impact the economics of their attack.

For companies conducting security assessments, deception technology plays an important role in detecting the attacker early and recording the attack activity. These capabilities make deception technology one of the most effective methods to deal with ransomware. It is particularly adept at detecting intruders attempting to move laterally within the network -- even if intruders use authentic credentials.

Implementation

Deception technology is available as a full deception fabric or platform, as features within a broader platform and as independent solutions. Advanced deception platforms use machine learning for fast and accurate deployment and operations without disrupting other network functions. Native platform integrations with existing security infrastructure can provide seamless attack information sharing and facilitate automation. Benefits include automated blocking, isolation, threat hunting, repeatable playbooks that accelerate incident response and integration with SOAR solutions.

The most advanced deception platforms will also provide concealment technology, which hides and denies access to data. Instead of interweaving deceptive assets among production assets, the technology can hide real assets from an attacker's view. It can also return fake data to the attacker to disrupt and derail further attacks. Coverage includes AD objects, credentials, files, folders and removable drives, as well as network and cloud shares. This function serves as a powerful ransomware deterrent because attackers can’t find and take over domain control, or encrypt or steal data on drives they can’t access.

Benefits

Cyber deception complements existing security controls by detecting discovery, lateral movement, privilege escalation and collection activities that other tools are not designed to address. The technology is highly scalable, which allows it to protect an ever-evolving attack surface.

Many of the attack activities that deception provides visibility to are traditionally challenging to detect. These include lateral movement, credential theft and reuse, internal threat reconnaissance, man-in-the-middle (MiTM) activities, and attacks on directory services such as Lightweight Directory Access Protocol (LDAP) or AD.

The ability to deceive, direct, and guide the adversary away from critical assets denies them their goals and reveals how they want to move through the network. It also holds the benefit of increasing the attacker’s cost, because they must now decipher what is real from what is fake and are forced to restart their attacks.

This was last updated in January 2021
