[BreachExchange] Weave a web of deception to secure data

Audrey McNeil audrey at riskbasedsecurity.com
Tue Nov 15 19:53:23 EST 2016


https://www.helpnetsecurity.com/2016/11/15/deception-secure-data/

Today’s technically superior and incredibly well-funded (often
state-funded, in fact) hackers are not impressed with breach prevention and
traditional security solutions. Security professionals have accepted that
no matter how hard their teams try, it is nearly impossible to keep hackers
out of a network.

Although sophisticated perimeter-based solutions are still the bread and
butter of security efforts, CSOs and other security stakeholders are
turning attention and resources away from trying to keep hackers out and
towards simply ensuring that all data is safe from intruders, wherever it
is.

Doing so involves preparing proactive security contingencies for the
inevitable presence of hackers in the network. And in today’s volatile and
complex security climate, more security professionals are choosing
deception solutions as an approach to meet these challenges.

How can organizations leverage deception-based network security to keep
sensitive data safe? Here are three basic steps, and what to look for in each:

1. Build your offensive security posture

In order to keep data safe, an intruder must not be able to gain access to
any actual information. That sounds obvious, but what is not so obvious is
how to accomplish this goal. Organizations should choose a deception
technology or solution that enables security teams to go on the offensive.
This means actively hunting attackers, leading them into decoys, and
stopping them in their tracks – preventing them from reaching actual
company data. At the same time, the deception solution needs to work
seamlessly with other security and enterprise solutions, in order to fool
sophisticated hackers.

Advanced decoy systems also provide useful data about the attackers,
proactively developing intelligence that helps find their command and
control systems, understand how the connection is established, and what
protocols are used. The threat intelligence and visibility generated by
drawing the attacker in rather than simply attempting to repulse him
enables security teams to understand the goals of the attacker – preventing
not only a single attack, but also future attacks.

2. Cleverly place your traps

The key to keeping data safe is not just using decoys and traps, but
correctly placing them in the network. Smart monitoring and analysis of the
network traffic would allow organizations to profile their assets and
create a realistic and accurate model of their network. Then, they can
overlay the network with a deception layer that fits its unique
characteristics. There must be enough traps deployed for a hacker to step
on and trigger, and enough relevant decoys that look both appealing and
realistic.

For example:

- An asset that appears to be an organization's server, but is really an
  emulated service made to lure and trap the attacker
- A network device that appears to be a camera, a printer or another IoT
  device, but is really a decoy
- An asset that appears to be running tools known to be prone to security
  issues, but instead confuses an attacker
- A password hidden in an email that, when used, attracts the attention of
  defenders
- Cookies directing the attacker to a URL which is in fact an internal web
  site.
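The examples above share one property a defender can build detection on: no legitimate user ever has a reason to use a planted password or to connect to a decoy host, so any touch is a high-confidence signal. The following script is an added illustration of that idea and is not code from the article or from any deception vendor. It assumes a hypothetical registry of canary usernames and decoy host addresses, scans constructed sshd-style and firewall flow log lines for touches against that bait, and tallies the source addresses that should be handed to incident response.

```python
"""Honeytoken and decoy-asset detector (added example, not from the article)."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Hypothetical registry of bait. Every name and address here is constructed
# for the example; none refers to a real account or system.
CANARY_USERS: Dict[str, str] = {
    "svc_backup_ro": "credential planted in a decoy email",
    "finance-share": "credential planted in a decoy share link",
}
DECOY_HOSTS: Dict[str, str] = {
    "10.10.5.40": "emulated file server",
    "10.10.5.41": "decoy IP camera",
}

# Constructed sample log: sshd auth events plus simple firewall flow records.
SAMPLE_LOG = """\
Nov 15 19:40:01 fs01 sshd[1201]: Accepted publickey for alice from 10.10.1.25 port 50122 ssh2
Nov 15 19:41:13 fs01 sshd[1210]: Failed password for svc_backup_ro from 10.10.1.77 port 51002 ssh2
Nov 15 19:42:05 fs01 sshd[1222]: Accepted password for bob from 10.10.1.30 port 50200 ssh2
Nov 15 19:43:00 fw01 flow: src=10.10.1.77 dst=10.10.5.40 dport=445 proto=tcp
Nov 15 19:43:02 fw01 flow: src=10.10.1.30 dst=10.10.2.15 dport=443 proto=tcp
Nov 15 19:44:30 fw01 flow: src=10.10.1.77 dst=10.10.5.41 dport=80 proto=tcp
"""

SSHD_RE = re.compile(
    r"sshd\[\d+\]: (Accepted|Failed) \w+ for (?:invalid user )?(\S+) from (\S+) port \d+"
)
FLOW_RE = re.compile(r"flow: src=(\S+) dst=(\S+) dport=(\d+)")


@dataclass(frozen=True)
class Alert:
    kind: str        # "canary_credential" or "decoy_host"
    source_ip: str   # where the touch came from
    detail: str      # which bait was touched


def scan(log_text: str) -> List[Alert]:
    """Return one Alert per log line that touches bait.

    Both successful and failed attempts with a canary credential are
    reported: the credential was never issued to anyone, so even knowing
    the username means the planted email or share link was read.
    """
    alerts: List[Alert] = []
    for line in log_text.splitlines():
        m = SSHD_RE.search(line)
        if m:
            outcome, user, src = m.groups()
            if user in CANARY_USERS:
                alerts.append(Alert("canary_credential", src,
                                    f"{outcome} login as {user!r}: {CANARY_USERS[user]}"))
            continue
        m = FLOW_RE.search(line)
        if m:
            src, dst, dport = m.groups()
            if dst in DECOY_HOSTS:
                alerts.append(Alert("decoy_host", src,
                                    f"connected to {DECOY_HOSTS[dst]} ({dst}) on port {dport}"))
    return alerts


def sources_to_contain(alerts: List[Alert]) -> Dict[str, int]:
    """Count bait touches per source IP: the hosts to isolate or block first."""
    counts: Dict[str, int] = {}
    for a in alerts:
        counts[a.source_ip] = counts.get(a.source_ip, 0) + 1
    return counts


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for a in found:
        print(f"[{a.kind}] from {a.source_ip}: {a.detail}")
    print("containment candidates:", sources_to_contain(found))
```

In the sample, the ordinary logins by alice and bob produce nothing, while a single source first tries the planted credential and then probes two decoy hosts, which is exactly the "decoy after decoy" pattern the article describes; the per-source tally is what an incident response playbook would consume when deciding which asset to isolate.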

In addition, deception technology must be able to actively adjust itself to
changing network environments, moving decoys and setting traps
automatically as networks evolve. This can be achieved only by constantly
monitoring network traffic to adjust to changing networks and protect new
assets that are introduced.

3. Weave your web of deception

With correctly and strategically placed traps and decoys, hackers find
themselves looking for information in decoy after decoy, literally stuck in
a false network full of incorrect information. Unknowingly caught in a web
of deception, the hacker never even fully accesses the real network.

The longer hackers need to look for information, the more time the security
team has to stop them and ensure data security. Moreover, in keeping with
the concept of offensive security posture, the longer a hacker engages with
a decoy system, the more information can be gathered about the nature of
the attack, its targets and even its origin. Then, according to the
organization's incident response and remediation program, security teams
can take actions such as isolating the infected asset, blocking IP addresses
utilized by the attackers, and deleting or disabling the process used to
launch the attack.

The bottom line

Accepting the futility of prevention-based and traditional defense is the
first step to data security. And once organizations agree that hackers will
get in, the question is: do we act or react? By using advanced and
field-proven deception-based technology, security professionals can go on
the offensive – taking the fight to the hackers by misleading them until
they can be shut down.