Deception in Cyber Defense

Using deception in cyber defense is an established concept. Honeypots, computers that hold false data and contain inherent vulnerabilities that attract attackers and keep them occupied, have been around since before the turn of the century. Honeynets, networks of honeypots intended to mimic a legitimate network, closely followed.

By serving as “low-hanging fruit” to keep attackers occupied, these devices help to protect company networks by pulling attackers’ focus away from the (likely also vulnerable) company machines.

Deploying deception machines that will attract hackers requires a fine balance between being believable and being discoverable.

Honeypots must be believable since their entire purpose is to distract an attacker from real machines on the network. If it’s obvious to an attacker that they’re looking at a honeypot, they’ll look elsewhere.

On the other hand, honeypots also need to be easily discoverable and more vulnerable than their “real” counterparts in the company network. If the honeypot isn’t easy to exploit, there is a good chance an attacker will pick another target as their infection point.

In either scenario, the honeypot has failed in its purpose.

Traditional honeypots are extremely obvious to attackers. They are typically static and must have a gaping (i.e. extremely obvious) vulnerability to attract attackers’ attention. While this may fool inexperienced hackers experimenting with automated tools, professional hackers quickly identify and reject such targets as potential infection vectors.

The inevitability and increasing complexity of attacks call for ever more sophisticated deception campaigns. In response, tools that leverage machine learning and advanced heuristics to automate the generation, deployment, and ongoing management of deception programs are becoming prevalent. However, the effective use of these tools often requires specialized training that can be costly. In many scenarios, combining internal resources with a cybersecurity consulting partner that offers staff augmentation services can yield a faster ROI on technology investments in this area.

For more information about how Avertium can help in this area, reach out for a consultation.