Blog  

How Deception Technology Helps the Modern CISO

From Telemetry to TTPs

What makes deception technology a necessary part of a CISO’s overall security strategy? The simple answer is that it allows a CISO to address key pain points that are causing major operational challenges right now. It also provides valuable clarity to help keep leadership teams on-side. Let’s take a quick look at some of the key pain points:


- Monetary cost per incident
- Time to incident detection
- Time to incident close
- Costs associated with remediation
- Number of corrective risk management and compliance actions
- Cyber resilience
- Regulatory fines


It is a mantra that is heard often by CISOs today: “it is not a question of if, but when you will be breached”. If one takes a step back, implicit in that statement is that, irrespective of your current security deployment and processes, you will be breached. This state of affairs surely cannot be allowed to continue.

A New Approach

There must be a new approach to detecting attackers and strengthening the current security toolset. That new approach is deception technology. Deception technology will help to address the key pain points by allowing an organisation to detect complex threats far more quickly than before, and reducing the costs associated with detecting more mundane (less technically sophisticated) attacks. But how will using deception allow me to achieve this? Well, unlike the current approach, which is reliant on the defenders having to be right all the time, deception turns this concept on its head. It forces the attacker to be right every time. How is this achieved? The secret is in the use of breadcrumbs that lead the attacker out of the production network and into the deception environment. A breadcrumb can be any artefact that looks and feels like an integral part of your network. From the way they are crafted, it is very difficult for the attacker to know if the artefact is real or fake. This means that the attacker must make the right choice every time. There is every possibility that the attacker will make the wrong choice, so potentially we can improve the time it takes to detect the attack. Obviously, the sooner we can detect the attacker, the sooner we can shut down the attack and speed up incident recovery.

Cyber Resilience

Deception improves detection of complex attacks and thereby reduces the ability of attackers to dwell inside your network undetected. This directly improves your cyber resilience. In simple terms, it helps you to ensure business as usual; keeping key components of your network online so that you can conduct your business without interruption.

Why does ensuring cyber resilience really matter? Why is it critical in these modern times? Well, for one, the regulatory framework has changed drastically. I am not going to bombard you with a large number of stats on data breaches here. I am sure all of you have come across the relevant statistics.

Now, this is not about GDPR, but you can substitute that with the national legislation of your choice, and the effect is the same – for example HIPAA. Currently, there are around 80 countries that have enacted legislation that extends or entrenches data privacy. This is now backed up with significant financial sanctions. The debate has moved beyond abstract discussions as to “how such legislation will be enforced” and it is now about something very real that needs to be factored in when considering your overall security posture.

What then of the CISO whose organisation may hold no data whatsoever that could be relevant to attackers? Those CISOs need to ask themselves who the trusted partners and 3rd parties they work with are. Attackers may well look to use your digital assets as a stepping-stone to gain access to other networks.

Corrective Actions

Finally, I want to look at the issue of corrective actions. The number of corrective actions a CISO and his team have to perform on a daily basis is increasing rapidly. Part of the problem is that, currently, security toolsets are working on the assumption that big data is the kind of data that you need to identify security issues. There are a number of key problems with this, centred around the cost of collection, storing and processing it in order to find actual and potential security threats. Deception technology, once again, seeks to tackle the problem in a more efficient and streamlined manner. Look for the right data and not the big data. Deception technology will not trigger unless there is some interaction with a deception asset. The result is a stream of timely and relevant IOC’s and TTP’s being generated that empower teams to make the right decision at the right time; significantly reducing the number of corrective actions a security team has to make. As an example, the level of automation that is built into the CounterCraft Cyber Deception Platform means that all of this can be achieved without placing an additional burden on security teams.

Security Enables Growth

The key objective in 2020 for the global CISO is not only “how can I secure the business environment”, but “how can I deliver a security strategy that enables business growth particularly in the current climate where most transactions will take place online”. There is a need for a robust and resilient operating environment for the business to expand into. Integral to that is the use of deception technology. Why? Because it gets the right information to the right people at the right time, allowing security teams to protect their IT resources from both external and internal threats.

To learn more, download our white paper How Deception Technology Helps CISOs Meet the Challenges of Cyber Security. Or get in touch with us to schedule a demo.

Author: Nahim Fazal, Head of Cyber Threat Intelligence

Like Jim Morrison said, this is the end. But you can...