Blog  

Cyber Deception Should Be Part of Your Threat Detection Strategy

Cyber Deception and the Rule of Three

Last week, CounterCraft attended the Gartner Security & Risk Management Summit. This year, the event was virtual, and it was a very insightful experience that helped us connect with the challenges and needs of the end client as well as listen to the analyst recommendations.

The highlight for us was, of course, the talk about cyber deception given by the analyst Pete Shoard and titled “Deception Should Be Part of Your Threat Detection Strategy”. Mr Shoard covered in the presentation the role that cyber deception has as part of a wider cybersecurity strategy, with its benefits and limitations, the scenarios where cyber deception might be the answer, and his recommendations.

In this blog post we will cover some of the key points we took away from his presentation, that we believe answer some of the questions you might have about cyber deception.

Attackers Are Human (And Can Be Deceived)

To open the talk, Mr Shoard tricked the audience with a slide that said something different than what we all thought. He used it to convey the message that attackers are human, and therefore easy to fool as well. This point might have passed unnoticed, but it is important to understand that deception is mostly effective and designed for human-led attacks, and even more effective for those attacks that are targeting specifically your organization.

Security is a battle, so we should take as much advantage as possible. Cyber deception creates confusion and distraction for the attacker, and that confusion results in allowing those defending the network to detect them, creating that much needed advantage over them.

Cyber Deception Helps Answer Fundamental Questions

In the words of the analyst, “deception technology is very good at answering questions”. And from our clients’ experience we believe that the answer to those questions can help you prioritize and build a more resilient cybersecurity strategy.

Some of the most common questions are:


Can I know what the attacker’s objectives are?
Can I gather evidence about that intent and store it to use it against the attacker?
Can I learn about preventative measures? Details that I might not have otherwise?


The information about the intent of the attacker and the path they are following is highly valuable intelligence to prevent those types of attacks from happening in your real infrastructure. Cyber deception for CounterCraft is not only detection —it’s also the way to gather actionable threat intelligence in real time that otherwise you would not have. This intelligence helps you make informed decisions about what your risk profile looks like and how you will need to align your security posture so it mitigates effectively these risks.

Enhancement Rather Than Replacement

Deception technology is complementary to traditional security methods as it enhances their capability. It’s an additional function rather than a replacement.

Cyber deception might be the answer to the threats you are facing, especially in areas where other security toolsets are not as effective. These are some scenarios or use cases where you should consider cyber deception:


- If you have concerns about insider threats
- To prioritize preventative measures based on intelligence about how the adversary works
- If you have concerns about industrial or state-sponsored espionage
- If you have highly valuable information and you need to make it really hard for adversaries to find it
- For environments where it is not possible to add more or simply to use other security controls, like OT environments for example
- For threat hunting


Conclusions

You need a strategy that includes deception technology, but not a strategy that is deception on its own. If you are a mature organization, cyber deception is an enhancement, and if you are still at the beginning of the curve, it can be a starting point. From our experience, cyber deception closes the gaps where other security tools can’t reach.

Cyber deception is an integral part of your defense in depth strategy to ensure you have no single points of failure in your security posture. This is a fundamental building block for creating a cyber resilient organisation.

Mr Shoard recommended to speak with the vendors to understand what you would get. So if you would like to know more, do not hesitate to reach out to us to speak with one of our experts.

Author: Marta Fernández, UK Channel Manager

Like Jim Morrison said, this is the end. But you can...