Technology is changing rapidly and many organizations still use the same security tools from years past. There are many exciting new technologies available in the network security market, as well as clever takes on old themes. It is important to be aware and understand the benefits of the technologies available to your team.
Deception-Based Defenses
Organizations spend a lot of time and effort to secure their data. It is also important to realize that attacks can strike any system. These two concepts seem to be in direct conflict. How can we protect ourselves if we know we will be hacked?
Although the idea of a honeypot is not new, the concept of defense through deception was elevated to a new level with the advent of automation.
Active deception
Many cybersecurity companies are trying a new approach to security: deception. The idea is simple: make attackers spend their time trying to break into a network that is in fact fake. The system dynamically creates decoys that imitate normal user activity, network traffic, or data. Legitimate employees have no reason to interact with these decoys, so any user who attempts to access them is assumed to be malicious.
Attackers almost always compromise a single system first, then move through the network following context clues to find valuable data or other systems. Many deception systems exploit this by seeding legitimate devices with breadcrumbs that lead attackers into the false network: objects such as files, recent-documents entries, and RDP shortcuts that point at decoy targets. This is a welcome shift toward proactive defense and allows security personnel to out-maneuver attackers.
The system also continuously inventories your network so that the decoys mirror your production environment. The goal is a convincing set of decoys that capture and detect attackers and alert security engineers with almost zero false positives.
It is impossible to overstate the impact of a very low false positive rate. Security teams are constantly fighting the flood of alerts and information from the many systems they manage. A deception product is therefore an attractive option for teams looking to add a tool that doesn’t require additional triage work. Gartner says deception is a “far underestimated technology that offers serious advantages over attackers.”
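The detection logic behind this is simple enough to show end to end. The following is an added example, not code from the original article or from any of the vendors named on this page: a small detector that keeps an inventory of decoy hosts and planted breadcrumb credentials, parses access logs, and raises an alert for every touch of a decoy, grouped by source so that lateral movement from one compromised workstation shows up as a single incident. The decoy inventory, the log format and the sample log lines are all constructed for this illustration.

```python
"""Added example: a minimal decoy-interaction detector.

The decoy inventory, the log line format and SAMPLE_LOGS are constructed
for this illustration and do not come from any vendor product or real data.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed decoy inventory: hosts that exist only as decoys, and breadcrumb
# credentials planted on real workstations. Nothing legitimate ever uses either,
# which is what makes a hit on them a near-zero-false-positive signal.
DECOY_HOSTS = {"10.20.30.40", "10.20.30.41"}
DECOY_USERS = {"svc_backup_ro", "fileshare_admin"}

# Constructed log format:
#   <timestamp> src=<ip> dst=<ip> user=<name> action=<verb> result=<ok|fail>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) user=(?P<user>\S+) "
    r"action=(?P<action>\S+) result=(?P<result>\S+)$"
)


@dataclass
class Alert:
    ts: str
    src: str
    reason: str
    severity: str


def parse_line(line):
    """Parse one log line into a dict, or return None for lines in another format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(event):
    """Return why a parsed event is a decoy interaction, or None if it is benign."""
    if event["dst"] in DECOY_HOSTS:
        return f"contact with decoy host {event['dst']}"
    if event["user"] in DECOY_USERS:
        return f"use of planted credential {event['user']}"
    return None


def detect(lines):
    """Scan log lines and alert on every decoy interaction.

    Returns (alerts, alerts_by_source). A successful login to a decoy is rated
    higher than a failed probe or a non-login action.
    """
    alerts = []
    by_source = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # unparseable lines are skipped, not treated as alerts
        reason = classify(ev)
        if reason is None:
            continue
        severity = "critical" if ev["action"] == "login" and ev["result"] == "ok" else "high"
        alert = Alert(ev["ts"], ev["src"], reason, severity)
        alerts.append(alert)
        by_source[ev["src"]].append(alert)
    return alerts, dict(by_source)


# Constructed sample: two normal events, then one workstation (10.1.1.77) that
# logs in to a decoy host and then reuses the planted credential against a real host.
SAMPLE_LOGS = [
    "2024-01-01T08:00:00Z src=10.1.1.5 dst=10.1.2.10 user=alice action=login result=ok",
    "2024-01-01T08:01:10Z src=10.1.1.5 dst=10.1.2.11 user=alice action=smb_read result=ok",
    "2024-01-01T08:03:00Z src=10.1.1.77 dst=10.20.30.40 user=svc_backup_ro action=login result=ok",
    "2024-01-01T08:03:05Z src=10.1.1.77 dst=10.1.2.12 user=svc_backup_ro action=login result=fail",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    found, grouped = detect(SAMPLE_LOGS)
    for src, items in grouped.items():
        print(f"source {src}: {len(items)} decoy interaction(s)")
        for a in items:
            print(f"  [{a.severity}] {a.ts} {a.reason}")
```

Run as-is, the script reports a single source, 10.1.1.77, with two interactions: a critical one for the successful login to the decoy host and a high one for the planted credential being tried against a real host. The design choice worth noting is that the detector never has to judge what "normal" traffic looks like; the decoy inventory alone decides, which is why the alert volume stays tiny and each alert is worth a human's time.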
Rapid7, TrapX and Fidelis Cybersecurity are just some of the companies that have added this technology to their offerings.
The Power of AI
SIEMs and log analysis tools were previously built on top of dictionaries of pattern-matching strings written by humans. This works well for known threats, but anything that matches no signature is missed. A powerful new ally will be systems that build their own baselines of normal behaviour and recognize deviations from them.
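To make the contrast concrete, here is an added example that is not code from the original article or from any vendor: a static indicator list of the kind a rule-driven SIEM carries, placed beside a per-host baseline that learns normal outbound volume from its first samples and then flags statistically unusual hours. The indicator list, the host, the traffic figures and the z-score threshold are all constructed for this illustration and are not any product's model.

```python
"""Added example: signature matching beside a self-learned per-host baseline.

SIGNATURES, the host name, the traffic samples and the thresholds are
constructed for this illustration; they are not DarkTrace's or any vendor's.
"""
import statistics

# Static indicators of the kind a rule-driven SIEM matches against (constructed).
SIGNATURES = {"known-bad.example", "198.51.100.7"}


class HostBaseline:
    """Learns a host's normal outbound-bytes-per-hour, then flags deviations.

    During warm-up every sample is learned and nothing is flagged. Afterwards a
    sample whose z-score exceeds the threshold is reported as an anomaly and is
    NOT folded into the baseline, so the anomaly itself cannot immediately
    shift what the host is believed to do normally.
    """

    def __init__(self, warmup=24, z_threshold=3.0):
        self.samples = []
        self.warmup = warmup
        self.z_threshold = z_threshold

    def observe(self, value):
        """Return (is_anomaly, z_score) for one new sample."""
        if len(self.samples) < self.warmup:
            self.samples.append(value)
            return False, 0.0
        mean = statistics.fmean(self.samples)
        sd = statistics.pstdev(self.samples)
        if sd == 0:
            z = 0.0 if value == mean else float("inf")
        else:
            z = (value - mean) / sd
        if z > self.z_threshold:
            return True, z
        self.samples.append(value)
        return False, z


def signature_hits(events):
    """Rule-driven detection: only destinations already on the list are caught."""
    return [e for e in events if e["dst"] in SIGNATURES]


def baseline_hits(events, baseline):
    """Baseline detection: returns (event, z) for each hour that deviates."""
    hits = []
    for e in events:
        anomalous, z = baseline.observe(e["bytes_out"])
        if anomalous:
            hits.append((e, round(z, 1)))
    return hits


def build_sample_events():
    """Constructed traffic for one agentless IoT host (a thermostat).

    24 quiet hours to its vendor cloud, then one hour contacting a listed
    indicator at normal volume, then one hour moving a large volume to an
    address on no list at all.
    """
    events = [
        {"host": "thermostat-12", "hour": i, "dst": "vendor-cloud.example",
         "bytes_out": 4000 + 80 * i}
        for i in range(24)
    ]
    events.append({"host": "thermostat-12", "hour": 24, "dst": "known-bad.example",
                   "bytes_out": 5500})
    events.append({"host": "thermostat-12", "hour": 25, "dst": "203.0.113.9",
                   "bytes_out": 900000})
    return events


if __name__ == "__main__":
    evs = build_sample_events()
    print("signature hits:", [(e["hour"], e["dst"]) for e in signature_hits(evs)])
    print("baseline hits:", [(e["hour"], e["dst"], z)
                             for e, z in baseline_hits(evs, HostBaseline())])
```

Run as-is, the signature list catches only hour 24 (a known indicator at unremarkable volume), while the baseline catches only hour 25 (an unknown destination receiving roughly two hundred times the host's usual hourly volume). Neither approach sees the other's case, which is the point of the passage above: learned baselines complement signatures rather than replace them. The warm-up length and z-score threshold are the two knobs a practitioner would tune per environment; a threshold that is too low reintroduces the alert flood that deception and baselining are meant to avoid.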
DarkTrace is described as an “enterprise immune program”. It is a network traffic analysis tool that uses machine learning and AI to detect network anomalies and threats, and it can autonomously respond to, interrupt, or prevent breaches.
DarkTrace is not marketed as an antivirus, SIEM or firewall, but rather as something that monitors alongside all of them. It can also watch many systems that traditional security stacks cannot: many network-connected devices, such as IoT lights and thermostats, are not covered by standard security tooling. Because DarkTrace is network-based and agentless, it can observe them without installing anything on the device.