Deception technology is about fooling attackers into going after the wrong parts of your network. It gives defenders an opportunity to stop attacks before they have any impact on real systems or data. It is something that is growing in popularity as defenders look for any edge in the daily fight against cyber attacks.
Carolyn Crandall is Chief Deception Officer at Attivo Networks. Crandall describes her job as fascinating and says she spends a lot of time explaining why: “Prevention alone is not sufficient, you need mechanisms for detection.” Many organisations set up canary systems and think that is good enough to let them know if an attack is in progress. The problem is that it assumes the attacker will fall for it and you react in time.
Many defensive systems are about stopping the attacker getting into the network. It was a great idea two decades ago when we still had a perimeter. Today, the attacks are just as likely to come from inside the network as they are from outside. This means that the technology has had to evolve.
One way that Crandall sees this happening is mirror matching the production systems. Let the attackers work through a copy and see what they are doing and how. It allows the real systems to be hardened. As Crandall says: “If you can create a system where the attacker cannot tell real from fake you all of a sudden start to tip the advantage back to the defender.”
To hear more of what Crandall had to say, listen to the podcast
Where can I get it?
obtain it, for Android devices from play.google.com/music/podcasts
use the Enterprise Times page on Stitcher
listen to the Enterprise Times channel on Soundcloud
listen to the podcast (below) or download the podcast to your local device and then listen there