Our blog is a playground with fresh ideas about security and our approach.

10 Aug

Boosting OT Security with Cyber Deception


The aim of this article is to present a couple of use cases where deception technologies can be used to provide an extra dimension to Operational Technology (OT) networks. Firstly, we need to define exactly what we mean by an OT network. An OT network is the information infrastructure deployed for non-IT systems. These can range from oil-well head pumps to medical devices, and from machine tools to power station control networks.

28 Jul

Detect Threats Earlier with CounterCraft’s Threat Intelligence Services


Stop cyber threats in their tracks and protect your remote workforce with CounterCraft’s all-new Threat Intelligence Services. These services-as-a-service go live to offer the kind of rapid support organizations are now seeking, having been forced to adopt widespread remote working amidst the COVID-19 crisis – simply plug and play this cloud-based managed service to proactively protect the networks your colleagues and operations now rely on. Remote workers doing their best to adapt overnight have already faced an onslaught of damaging and malicious cyber attacks since varying degrees of confinement were enforced in the first half of 2020.

20 Jul

Am I Ready for Cyber Deception? Gartner Hype Cycle for Security Operations.


Gartner has released its Hype Cycle for Security Operations 2020 report. It is a thought-provoking read, spanning a diverse range of technologies. What I want to focus on here is the report’s approach to deception, where it stands in the hype cycle and how the level of maturity in your security operations may not be relevant to the central question: am I ready for deception? Let us begin by taking a look at where deception is in the hype cycle.

6 Jul

How Deception Technology Helps the Modern CISO


What makes deception technology a necessary part of a CISO’s overall security strategy? The simple answer is that it allows a CISO to address key pain points that are causing major operational challenges right now. It also provides valuable clarity to help keep leadership teams on-side. Let’s take a quick look at some of the key pain points:

- Monetary cost per incident
- Time to incident detection
- Time to incident close

23 Jun

From Telemetry to TTPs: a Sample Analysis of a Mining Linux Botnet, Using Cyber Deception


One of the main challenges when investigating an incident is being able to convert all the raw data (typically logs) that you can gather into TTPs (Tools, Techniques and Procedures), or even better, into operational information. By using deception techniques we have a significant advantage over other security tools because, in theory, all activity collected from any deception campaign should be malicious per se. That’s a great help when trying to find the needle in the haystack, but in reality it is not so easy, as any machine or cloud service is usually running many other agents, processes or cron tasks that add a lot of noise to the instrumentation.

17 Jun

CounterCraft raises $5 million in a funding round led by Adara Ventures, and joined by new investors eCAPITAL and Red Eléctrica Group


CounterCraft announced it has secured $5 million funding. The investment will accelerate global growth as we focus on acquiring market share in the US with our cyber threat defense platform, following successful expansion across Europe and in the UK. David Barroso, CEO and Co-Founder, CounterCraft, said: “We are energised and delighted to announce concluding our latest funding round with a total of $5 million and to welcome eCAPITAL and Red Eléctrica Group to our list of specialized investor firms.

9 Jun

Are You Getting Value From Your Threat Intelligence Service?


Gartner has recently published the Market Guide for Security Threat Intelligence Product and Services by analysts Craig Lawson, Brad LaPorte, Ruggero Contu, John Collins and Mitchell Schneider, which provides end users with guidance on how to ensure that they are getting the best value from threat intelligence services. This excellent piece of research is extremely valuable for those that do not have a threat intelligence service and are currently looking at what potential options they may have.

1 Jun

Attack Trees in Deception Campaigns


The concept of attack trees or attack paths and how to increase the cost for the attacker in time and resources (not always monetary) has been discussed many times and it is still considered a good approach in any modern security strategy. Bruce Schneier explained the concept in the Dr. Dobb’s Journal in 1999. Leveraging an attack tree model is not only an important step towards formalizing our understanding of attacks, but also a means to understanding our defense.

27 May

How to Effectively Use MITRE ATT&CK and Deception Campaigns to Engage with Threat Actors


The growing popularity of MITRE ATT&CK is a good indication that finally, we have a common language to describe the tools, techniques and procedures (TTPs) that threat actors are using in their daily operations. At CounterCraft, we have been firm believers in MITRE ATT&CK; we first added support for the first versions of the ATT&CK Matrix in our Deception Director product at the end of 2018, and now we are rolling out all the new subtechniques.

18 May

Data Protection for the Healthcare Sector and Laboratories


In a post-COVID-19 world, the security landscape of many organisations has been radically realigned. In particular, the healthcare sector was facing significant challenges prior to the pandemic, so the current situation has only added to the security burdens they face. During the course of 2018-2019 the sector suffered a number of significant data breaches. The question most CISOs face is how they can radically improve the security controls in an environment where they, above all sectors, will probably face a greater number of attacks from a diverse range of threat actors.