As environments sprawl and complexity mounts, many security teams are shifting from a prevention-only mindset to a focus on early detection and accelerated response. The earlier attackers are detected in the attack chain, the greater the chance that security teams can eliminate threats before they become catastrophic. At the core of such a strategy is tapping into the right level of visibility to capture actionable insights, without getting bogged down in more noise and unmanageable data.
Deception technology is an emerging category of cybersecurity defence. Deception products can detect, analyse and defend against zero-day and advanced attacks, often in real time. They are automated and accurate (no legitimate user or process has a reason to touch a decoy, so any interaction with one is suspicious by definition), and they provide insight into malicious activity inside internal networks that other types of cyber defence may never see. Deception technology enables a more proactive security posture by seeking to deceive attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.
Deception technology is a cybersecurity defence practice that aims to deceive attackers by distributing a collection of traps and decoys across an organisation's infrastructure to imitate genuine assets. If an intruder triggers a decoy, the decoy logs and monitors the attack vectors used for the duration of the engagement.
As attack vectors become increasingly complex, organizations need to be able to detect suspicious activity earlier in the attack chain and respond accordingly. Deception technology provides security teams with a number of tactics and resulting benefits to help:
- Decrease attacker dwell time on their network
- Expedite the average time to detect and remediate threats
- Reduce alert fatigue
- Produce metrics surrounding indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs).
In incident detection and response, time and context are crucial. And yet many detection solutions wait until critical assets have been compromised to send an alert, while others—like those that only analyze log and network data—can’t provide important details, such as how the attacker got in, or where they’re headed next.
CYBERSHIELD MDR, Wizard Cyber's managed cybersecurity service, can help close these gaps in detection. We do this by making attackers an offer they simply cannot refuse: decoys that attract and draw out malicious behaviour.
Weave intruder traps into your larger monitoring strategy
CYBERSHIELD MDR offers four types of intruder traps to detect attackers earlier, during network reconnaissance and lateral movement, before critical data is stolen. All four – honeypots, honey users, honey credentials and honey files – are quick to set up and are built using continuous attacker research. Because we combine this deception technology with user behaviour analytics (UBA) and endpoint detection, intruders can be detected across the entire attack chain.
We deploy and manage multiple honeypots with ease
When an attacker first lands on your network, it's a beautiful thing. Why? It's one of the rare moments you actually have the upper hand. Here's how it works: attackers use internal reconnaissance, such as network scans, to decide where to move laterally next. Decoy machines and servers set to listen on the network have no legitimate clients, so a scan that touches them stands out; they detect the use of Nmap and other scanning tools and alert you to an attacker's presence.
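The following is an added illustration of the honeypot idea above; it is example code written for this page, not CYBERSHIELD MDR's own implementation. It assumes a decoy host bound to a few TCP ports that nothing legitimate uses, and it treats a source that touches three or more distinct decoy ports within sixty seconds as a scanner (both thresholds are assumptions, labelled in the code). The connection log it analyses is constructed for the demo.

```python
"""Decoy TCP listener plus a scan detector over its connection events.

Added example, not CYBERSHIELD MDR code. Assumptions (labelled below):
 - a decoy host listens on ports that no legitimate client has reason to use;
 - a source that touches >= PORT_THRESHOLD distinct decoy ports within
   WINDOW_SECONDS is treated as running a scanner such as Nmap.
"""
import socket
import threading
import time
from collections import defaultdict, deque

PORT_THRESHOLD = 3     # assumption: distinct decoy ports touched before alerting
WINDOW_SECONDS = 60.0  # assumption: sliding window for counting those touches


def detect_scanners(events, threshold=PORT_THRESHOLD, window=WINDOW_SECONDS):
    """events: iterable of (timestamp, src_ip, dst_port), in any order.

    Returns {src_ip: sorted distinct ports} for every source that hit at least
    `threshold` distinct decoy ports inside some `window`-second span. A single
    touch of one decoy port is still worth logging, but a sweep across several
    ports is what separates reconnaissance from a stray connection.
    """
    by_src = defaultdict(list)
    for ts, src, port in sorted(events):
        by_src[src].append((ts, port))

    flagged = {}
    for src, hits in by_src.items():
        recent = deque()  # (ts, port) pairs still inside the sliding window
        for ts, port in hits:
            recent.append((ts, port))
            while ts - recent[0][0] > window:  # drop touches that aged out
                recent.popleft()
            if len({p for _, p in recent}) >= threshold:
                flagged[src] = sorted({p for _, p in hits})
                break
    return flagged


class DecoyListener:
    """Binds decoy TCP ports and records each accepted connection as an event.

    Production decoys usually emulate a service banner (SSH, RDP, SMB) so the
    scanner's follow-up probes are captured too; this one accepts and closes.
    """

    def __init__(self, host="127.0.0.1", ports=(0, 0, 0)):
        self.events = []          # (timestamp, src_ip, decoy_port)
        self._lock = threading.Lock()
        self.ports = []
        for requested in ports:   # port 0 = let the OS pick a free port
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            s.bind((host, requested))
            s.listen(16)
            self.ports.append(s.getsockname()[1])
            threading.Thread(target=self._accept_loop, args=(s,), daemon=True).start()

    def _accept_loop(self, sock):
        port = sock.getsockname()[1]
        while True:
            try:
                conn, (src, _) = sock.accept()
            except OSError:       # socket closed on shutdown
                return
            with self._lock:
                self.events.append((time.time(), src, port))
            conn.close()

    def snapshot(self):
        with self._lock:
            return list(self.events)


# Constructed connection log, as a decoy would record it (timestamps in seconds).
SAMPLE_EVENTS = [
    (1000.0, "10.0.0.7", 22),
    (1001.5, "10.0.0.7", 445),
    (1002.0, "10.0.0.7", 3389),   # third distinct port within 2 s: scanner
    (1003.0, "10.0.0.7", 5432),
    (1000.0, "10.0.0.9", 445),    # one touch only: logged, not a sweep
    (1000.0, "10.0.0.11", 22),
    (1500.0, "10.0.0.11", 445),   # each touch is outside the 60 s window
    (2000.0, "10.0.0.11", 3389),  # of the previous one, so never 3 at once
]

if __name__ == "__main__":
    print(detect_scanners(SAMPLE_EVENTS))  # {'10.0.0.7': [22, 445, 3389, 5432]}
    # Live demo on loopback: a "scanner" connecting to every decoy port.
    decoy = DecoyListener()
    for p in decoy.ports:
        socket.create_connection(("127.0.0.1", p)).close()
    time.sleep(0.2)
    print(detect_scanners(decoy.snapshot()))
```

One caveat: an accept()-based decoy only sees full TCP connects (Nmap's `-sT`). A SYN scan (`-sS`) is answered by the kernel with SYN/ACK and reset by the scanner before the handshake completes, so accept() never fires; catching that needs packet capture or firewall logging on the decoy host in addition to the listener.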
Catch the use of stolen credentials, including pass-the-hash
Once an attacker compromises an endpoint, they can extract password hashes and even cleartext credentials, no outside malware required. While endpoint detection and response solutions may be able to identify privilege escalation and other malicious exploits, the question remains: what did the attacker do from there? CYBERSHIELD MDR provides real-time endpoint detection and also plants fake honey credentials on your endpoints to deceive attackers. Nothing legitimate ever authenticates with these credentials, so if one is used anywhere else on the network, such as in a pass-the-hash attempt, you are automatically alerted.
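As an added illustration of the alerting side of honey credentials (example code for this page, not CYBERSHIELD MDR's own logic), the block below checks Windows Security events for any authentication attempt against a seeded honey account. It assumes the honey account names are known (`HONEY_ACCOUNTS`) and that events arrive as simple `Key=Value` lines carrying the standard Security-log fields; the log lines are constructed. Event IDs 4624, 4625, 4768, 4771 and 4776 are the real Windows IDs for logon success, logon failure, Kerberos TGT request, Kerberos pre-authentication failure and NTLM credential validation. A successful NTLM network logon (logon type 3) with a honey account is tagged as a pass-the-hash indicator.

```python
"""Alert on any use of a seeded honey credential in Windows Security events.

Added example, not CYBERSHIELD MDR code. Assumptions (labelled):
 - HONEY_ACCOUNTS lists the account names seeded on endpoints;
 - events are available as 'Key=Value Key=Value' lines (e.g. exported from a
   SIEM or Windows Event Forwarding) with standard Security-log field names.
Because no legitimate process authenticates with a honey credential, a
failed attempt is as alarming as a successful one.
"""

HONEY_ACCOUNTS = {"svc_backup_adm", "helpdesk.tier3"}  # assumption: seeded names

# Real Windows Security event IDs that record an authentication attempt.
AUTH_EVENTS = {
    "4624": "logon success",
    "4625": "logon failure",
    "4768": "Kerberos TGT request",
    "4771": "Kerberos pre-authentication failure",
    "4776": "NTLM credential validation",
}


def parse_event(line):
    """Parse one constructed 'Key=Value ...' line into a dict of strings."""
    return dict(field.split("=", 1) for field in line.split())


def classify(ev):
    """Return (severity, reason) if the event touches a honey account, else None."""
    event_id = ev.get("EventID")
    if event_id not in AUTH_EVENTS:
        return None
    user = ev.get("TargetUserName", "")
    if user.lower() not in HONEY_ACCOUNTS:
        return None
    # 4776 names the requesting host in 'Workstation'; 4624/4625 use IpAddress.
    src = ev.get("IpAddress") or ev.get("WorkstationName") or ev.get("Workstation") or "?"
    if src == "-":
        src = ev.get("WorkstationName") or ev.get("Workstation") or "?"
    if (event_id == "4624" and ev.get("LogonType") == "3"
            and ev.get("AuthenticationPackageName") == "NTLM"):
        # NTLM network logon with a credential that only existed in memory on
        # another host: the classic pass-the-hash signature.
        return ("critical",
                f"honey account {user}: NTLM network logon from {src} (pass-the-hash indicator)")
    return ("high", f"honey account {user}: {AUTH_EVENTS[event_id]} from {src}")


def scan_log(lines):
    """Return [(line_index, severity, reason)] for every honey-credential hit."""
    alerts = []
    for i, line in enumerate(lines):
        verdict = classify(parse_event(line))
        if verdict is not None:
            alerts.append((i, *verdict))
    return alerts


# Constructed sample log: one normal logon, one attacker reusing the seeded
# credentials from a foreign host, and a similarly named non-honey account.
SAMPLE_LOG = [
    "EventID=4624 TargetUserName=jdoe LogonType=2 AuthenticationPackageName=Negotiate IpAddress=- WorkstationName=WS-FIN-07",
    "EventID=4624 TargetUserName=svc_backup_adm LogonType=3 AuthenticationPackageName=NTLM IpAddress=10.0.0.7 WorkstationName=ATTACKER-PC",
    "EventID=4776 TargetUserName=SVC_BACKUP_ADM Workstation=ATTACKER-PC Status=0xC000006A",
    "EventID=4625 TargetUserName=helpdesk.tier3 LogonType=3 AuthenticationPackageName=NTLM IpAddress=10.0.0.7 WorkstationName=ATTACKER-PC Status=0xC000006D",
    "EventID=4768 TargetUserName=helpdesk.tier3 IpAddress=::ffff:10.0.0.7",
    "EventID=4624 TargetUserName=svc_backup LogonType=3 AuthenticationPackageName=NTLM IpAddress=10.0.0.5 WorkstationName=BACKUP-01",
]

if __name__ == "__main__":
    for idx, severity, reason in scan_log(SAMPLE_LOG):
        print(f"[{severity.upper()}] line {idx}: {reason}")
```

The match is on the account name alone, deliberately: the seeded credential is never valid for real work, so there is no legitimate source host to whitelist, and any hit is an attacker who has already dumped memory on the endpoint where it was planted. The `Status` field on the 4776/4625 lines (constructed here) is what tells you whether the attacker brought a hash that actually validated, which is worth keeping in the alert for the responder.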