In 2021, deception solutions have grown from a nice-to-have option to a must-have for threat analysis teams, especially at verticals that are constantly targeted and hit by advanced persistent attacks. Deception provides very real value, and we’ve gotten together a list of the biggest benefits of employing deception technology.
Read on for our list of the top 10 ways your business can benefit from employing deception techniques as part of its cybersecurity strategy.
1. Gather threat intelligence tailored to your business.
One of deception’s great advantages is its ability to deliver contextualized actionable threat intelligence to security teams. Using deception technology allows you to create an environment where you can observe the threat actor’s movements with no risk to your organization’s cybersecurity. This allows you to gather useful data that is totally specific to your business, and to do so in real time.
2. Improve your security posture.
With the threat intel gathered by deception, your business will be able to make better security decisions. This provides a clear understanding and a new point of view about how to better protect organizations now and in the future against existing and new attacks.
3. Engage the attacker.
Deception also offers the opportunity to engage the attacker from a psychological point of view and influence their decisions, a vital move for more advanced security teams. The security approach changes dramatically when you go from playing defense to protect assets, hoping that nothing will happen, to playing offensive and changing the status quo of the attacker-defender model.
4. Increase rates of detection of cyber attacks.
The complexity of today’s systems requires a great effort to keep any type of business safe. From a small security hole to a configuration error, problems are inevitable and once they have occurred, they are difficult to solve and very expensive. By demonstrating the increase in detection and coverage, a team can justify the spend on deception technology.
5. Reduce dwell time.
Deception improves detection of complex attacks, reducing the ability of attackers to dwell inside your network undetected. Dwell time is one of the best indicators of an enterprise’s security. It is a direct reflection of how good your security team is at finding and eliminating breaches. Dwell time typically ranges between 200 to 250 days. According to Gartner, deception decreases dwell time in more than 90% of breaches.
6. Detect attackers before they enter the network.
Deception technology is virtually the only tool businesses have that allows them to detect and observe threat actors before they have entered a network. Move left on the cyber kill chain and watch your business’s security drastically improve. Watch this video for more on how deception can help you move left on the cyber kill chain.
7. Reduce the number of false positives.
Deception produces the most high fidelity alerts in the cybersecurity sector. These alerts can be leveraged by the security departments to react and respond in a more accurate and timely manner. This helps to alleviate some of the burden on SOC departments. Less time spent triaging alerts means more time to react.
8. Protect against insider threats.
Detecting insider threats is not easy for security teams. The insider has legitimate access to the organization’s information and assets. Distinguishing between normal activity and potentially malicious activity is a challenge. An internal lateral-movement deception campaign is one of the only ways to detect this kind of security breach and can work to provide high-confidence alerts to adversarial presence.
9. Improve cyber resilience.
All of the aforementioned points come together to create a real improvement in cyber resilience. When a business improves cyber resilience, this helps ensure business as usual, keeping key components of your network online so that you can conduct your business without interruption.
10. Lower the monetary cost and impact per security incident.
Deception technology allows an organization to detect complex threats far more quickly than before, and reducing the costs associated with detecting more mundane (less technically sophisticated) attacks. Deception sets up decoys that look and feel like an integral part of your network. From the way they are crafted, it is very difficult for the attacker to distinguish the real from the fake. This means that the attacker must make the right choice every time. There is every possibility that the attacker will make the wrong choice, so potentially we can improve the time it takes to detect the attack. Obviously, the sooner we can detect the attacker, the sooner we can shut down the attack and speed up incident recovery.
Take Action
Annual losses from cyberattacks averaged $4.7 million (€4.2 million) in the last fiscal year according to a new report by The Cybersecurity Imperative1.
What if we could see threat actors’ movements during or before an attack? Would that give us a better chance to understand and adapt to threats in a more timely and effective manner? Deception technology offers a solution to many of these questions and offers a glimpse into the benefit of having this information. As master Sun Tzu said several centuries ago: “If you know yourself but not your enemy, for every battle you win you will suffer a defeat.”
1https://econsultsolutions.com/wp-content/uploads/2019/07/2019_Cybersecurity_Pulse_Report_Executive_Summary_FINAL.pdf
Raúl Pérez is the Regional VP of Enterprise Sales for CounterCraft, with expertise in business and channel development, and is on LinkedIn.