What is Deception Technology?

Posted by Chris Hartwig on Jul 11, 2016 8:00:00 AM

Set a Trap to Catch Cybercriminals

Deception Technology is a new approach to cybersecurity that is designed to prevent a cybercriminal who has already infiltrated a network from doing damage. This technology helps an organization move from a reactive to a proactive defensive posture. Because signature-based antivirus has been a complete failure at detecting zero-day threats, a new approach to luring and trapping cybercriminals has been developed to prevent, or at least delay, an attacker from penetrating deeper into the network and reaching their intended target.

Deception technology products work by creating deception decoys (traps) that mimic legitimate IT assets throughout the network. These traps can run in a virtual environment or a real operating system and actually provide services that work to trick the cybercriminal into thinking they have found a way to steal credentials or escalate privileges. Once a cybercriminal has hit a trap, notifications are sent to a deception server that records which decoy was hit and what attack vectors were used.

Move Over Antivirus & Firewall

Deception Technology vastly improves upon existing security but isn’t designed to replace your antivirus or firewall. It should be used as another layer of network protection to track and trap those cybercriminals who have gotten past your defenses and reached your endpoints. It can take months to identify an internal breach using traditional antivirus and firewalls. Once cybercriminals have breached your network defenses, they will spend, on average, almost one year gathering intelligence on your network infrastructure and your financial activities.

It is very important that you do not allow cybercriminals to set up shop on your network and give them the time they need to gather crucial information about your infrastructure and, most importantly, your financial information. Deception Technology doesn’t rely on signatures and is a great way to improve network security and gain visibility into an attack that has bypassed traditional prevention measures.

Using Deception Technology will greatly enhance your current security information and event management system (SIEM) to ensure infected devices are isolated from the network as quickly as possible.

If an internal network threat is detected, you will be alerted to the actions of the cybercriminals. These event-driven alerts can be combined and examined with other logs from the SIEM system to gather forensic evidence. Using sophisticated deception systems, you may be able to gather information on the attacker’s command and control (C&C) server to learn about the attacker’s methods and the tools they are using.

Where Can I Find Deception Technology Solutions?

WatchPoint has developed a product line of HackTraps™ that use Deception Technology to trap cybercriminals. HackTraps give you a distinct advantage over the attackers. You know where the HackTraps are, and they don’t! By strategically placing the HackTraps throughout your network, you ensure that your entire attack surface is covered. Whenever one of the HackTraps is accessed, an alert is immediately generated. Because the HackTraps are not accessed by normal user interaction, the number of alerts this system generates is minimal. This allows you to treat every alert as a real threat, and you won’t be bogged down with false positives.

You can view the entire HackTraps lineup here.

The large number of HackTraps offered by WatchPoint gives an administrator the ability to set up different traps in numerous locations throughout the network. Something as simple as a DocTrap named “Company Passwords.docx” placed in a network share is one example of a very simple yet sophisticated HackTrap. Giving the trap an enticing name will lure the attacker into the trap. Once the trap is opened, an alert is generated to notify you instantly of the unauthorized access. Try the DocTrap for free today!
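The decoy-file idea above can be shown as detection logic over file-access audit records. This is an added sketch, not WatchPoint's code or how HackTraps generate alerts; the share, host and account names, the JSON record shape and the service-account allowlist are all assumptions made for the example.

```python
import json
from ntpath import normcase, normpath  # Windows path rules, usable on any OS

# Constructed decoy inventory (hypothetical share and host names).
DECOYS = [r"\\fs01\finance\Company Passwords.docx"]
# Assumption: accounts that read every file by design (backup, AV scans).
# Keep this short; an allowlisted account is a blind spot if it is compromised.
ALLOWLIST = {"svc_backup"}

# Constructed file-access audit records, one JSON object per line.
SAMPLE_LOG = r'''
{"ts":"2016-07-11T08:01:12Z","host":"WS-114","user":"jdoe","path":"\\\\fs01\\finance\\Q2 budget.xlsx","action":"read"}
{"ts":"2016-07-11T02:00:05Z","host":"BKP-01","user":"svc_backup","path":"\\\\fs01\\finance\\Company Passwords.docx","action":"read"}
{"ts":"2016-07-11T08:14:40Z","host":"WS-207","user":"tsmith","path":"\\\\FS01\\Finance\\COMPANY PASSWORDS.DOCX","action":"read"}
{"ts":"2016-07-11T08:15:02Z","host":"WS-207","user":"tsmith","path":"\\\\fs01\\finance\\archive\\..\\Company Passwords.docx","action":"copy"}
truncated-record-without-json
'''

def canon(path):
    """Case-fold and collapse '..' so path variants compare equal."""
    return normcase(normpath(path))

DECOY_KEYS = {canon(p) for p in DECOYS}

def decoy_alerts(log_text):
    """Return (alerts, skipped): decoy hits and count of unparseable lines."""
    alerts, skipped = [], 0
    for line in filter(None, map(str.strip, log_text.splitlines())):
        try:
            ev = json.loads(line)
            path, user = ev["path"], ev["user"]
        except (json.JSONDecodeError, KeyError, TypeError):
            skipped += 1  # surface parse gaps instead of hiding them
            continue
        if canon(path) not in DECOY_KEYS or user.lower() in ALLOWLIST:
            continue
        alerts.append({"ts": ev.get("ts"), "host": ev.get("host"),
                       "user": user, "action": ev.get("action"),
                       "decoy": path})
    return alerts, skipped

if __name__ == "__main__":
    hits, bad = decoy_alerts(SAMPLE_LOG)
    for h in hits:
        print("DECOY ACCESS", json.dumps(h))
    print("unparseable lines:", bad)
```

Each alert carries the host, user and timestamp, which are the fields needed to correlate it with other SIEM logs and isolate the device.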
