The menace of advanced persistent threats (APTs) globally has skyrocketed this decade, fed by global sociopolitical issues and a worldwide pandemic. In June 2021, the European Union Agency for Cybersecurity (ENISA) reported that the number of malicious attacks against critical sectors had more than doubled in 2020, and experts agree that the trend is only increasing. The complexity of today’s systems requires a concerted effort and innovative solutions. Even the smallest security hole or configuration error can result in difficult-to-solve and very expensive issues.
Cyber deception arrived on the cybersecurity market about a decade ago and is now a mature security solution, recommended by industry experts. According to Gartner, “Technical professionals focused on security should evaluate deception as a ‘low-friction’ method to detect threats inside their environments and as an alternative or complement to other detection technologies.” By demonstrating the increase in detection and coverage, a team can justify the spend on deception technology. Here are three reasons adopting cyber deception now is a good idea for your organization.
1) Cyber deception is the best tool for defending against sophisticated threat actors.
Cyber attacks are more sophisticated and rapid-fire than ever before. Threat actors are employing artificial intelligence and machine learning to unleash automated cyberattacks that can easily compromise secure networks without human intervention. Modern cyber attacks have grown so sophisticated that no one is safe, and they can be quite complex and hard to detect.
More forward-thinking organizations should leverage deception in-depth as a new strategy for comprehensive threat defense against the onslaught of advanced attackers and attack techniques. This is especially true of larger organizations under constant threat — for example, those in the financial services, healthcare, government and software verticals.
Cyber deception offers the opportunity to engage the attacker from a psychological point of view and influence their decisions, a vital move for more advanced security teams. An organization’s security approach changes dramatically when it goes from playing defense, hoping to protect assets, to playing offense and taking control of the attacker-defender dynamic.
Cyber deception, unlike many security tools, can identify attacks before they happen. What if we could see threat actors’ movements during or before an attack? Would that give us a better chance to understand and adapt to threats in a more timely and effective manner? Deception technology is virtually the only tool that allows the detection and observation of threat actors before they have entered a network. Move left on the cyber kill chain and watch your business’s security drastically improve. Deception improves the detection of even complex attacks, reducing the ability of attackers to dwell inside your network undetected.
2) Cyber deception increases SOC team productivity by virtually eliminating false positives.
Research reveals that security teams spend about 25% of their time chasing false positives [1]. By reducing these false positives, security teams gain an easy win, increasing SOC analyst productivity and improving security effectiveness. By getting rid of false positives, organizations can save a median of about $2,000 a month per SOC analyst.
On average, security teams must evaluate and respond to nearly 4,000 security alerts per week, according to the Exabeam SIEM Productivity Study. Most of these security alerts or indicators of compromise (IOCs) are erroneous. Anything that can be done to cut down on valuable time wasted is a fantastic use of resources.
3) Cyber deception provides threat intel and alerts in real time, shortening MTTD.
In incident detection and response, time and context are crucial. Dwell time is one of the best indicators of an enterprise’s security. It is a direct reflection of how good your security team is at finding and eliminating breaches. Dwell time typically ranges between 200 and 250 days, but according to Gartner, deception decreases dwell time in more than 90% of breaches. CounterCraft’s cyber deception technology is capable of alerting before critical assets have been breached, decreasing dwell time and reducing the Mean Time to Detection, or MTTD.
While the security team deals with the alert, the attacker is led to a deception environment buffer zone where the team can analyze log and network data and gather contextual intel on the incident. MTTD is reduced, and valuable information such as how the attacker got in, what TTPs are used, and what the actor will do next can be gleaned from the real-time threat intel. This helps security teams establish the attacker’s motivation and build a profile of the attacker in real time, allowing organizations to adapt their defenses and reduce the adversary’s ability to harm the organization, resulting in huge savings to an organization.
The changing threat landscape globally continues to necessitate new solutions, and cyber deception fills the gaps left by more traditional cybersecurity tools. For a demo, get in touch with us today.
Raúl Pérez is the Regional VP of Enterprise Sales for CounterCraft, with expertise in business and channel development, and is on LinkedIn.