Smoke & Mirrors
Our thoughts, opinions, and ideas on the business of security and the security of businesses
The bright side of the DARKSIDE ransomware
By now, you’ve probably been bulldozed with solution briefings, white papers, vendor pitches, and webinar invitations to discuss how this ransomware could have been stopped. We’ll do things a little differently. We’ll of course include our resources at the end of this post, because obviously we don’t want to be left behind. But we’ll first […]
By Sudarshan Pisupati
Ransomware, the limits of prevention, and active defense
We’re almost halfway through 2021, and there seems to be a ransomware resurgence. Or that’s what the headlines will have you believe. On the contrary, the opposite might be true. According to a Sophos survey, ransomware attacks seem to have gone down in 2021. Only 37% of the organizations surveyed have said they experienced a […]
By Amir Moin
6 takeaways from GOV.UK’s 2021 cybersecurity breaches survey
COVID-19 has impacted security measures like monitoring, fewer organizations are detecting threats, phishing is the most common threat, and more. Includes active defense recommendations.
By Amir Moin
The pragmatic security leader’s guide to deception technology
When evaluating deception technology, look at three key components of the solution to ascertain how effective it will be in your environment – visibility, realism, and fingerprintability.
By Sudarshan Pisupati
Using deception to shield the insurance sector
Insurance companies are under siege from cyberattacks. We take a look at some of the key pieces of an insurer’s infrastructure the adversaries target and how you can use deception to build active defenses.
By Sudarshan Pisupati
Finding active defense opportunities in a pentest report
Pentest reports tell a story. By asking why a pentester made certain choices, you can find opportunities to influence attacker behavior and actively defend your network.
By Sudarshan Pisupati
Four MITRE Shield Techniques You Can Implement in 2021
For free, of course. At this point, I’m positive that you’ve heard of MITRE Shield. It’s a new active defense knowledge base released by MITRE – stuff they’ve been implementing for over a decade to engage adversaries and derail attacks. They’ve opened it up to everyone, and for the first time perhaps, the infosec community […]
By Sudarshan Pisupati
Active Defense – Incident Response’s New Best Friend
Active defense provides defenders with a shared vocabulary and framework for actively dealing with threats instead of passively reacting to them.
By Sudarshan Pisupati
You Need Deception Technology. And It’s Not Why You Think
Deception technology is a different way of thinking about cybersecurity. Without it, attackers have the advantage. You can take that advantage back.
By Kevin Fiscus
The curious case of “How many decoys do I need?”
Decoys can be deployed everywhere in your network – current-gen deception technology makes that possible. There are however no free lunches and pervasive deception might come with a cost. So the question is, should you?
By Sudarshan Pisupati
Doing Our Bit to Defend Essential Services
COVID-19 has put pressure on staff, business operations, and investments. To help offload some of that stress, we’re giving a three-month license of our perimeter deception solution to essential services organisations for free.
By Amir Moin
6 Ways Deception Technology Levels Up Your SOC
Learn how deception technology enables SOCs to move from simple log aggregation and static detection use-cases to a proactive, low false-positive detection model that heavily automates response mechanisms.
By Amir Moin
Open Source Honeypots That Detect Threats For Free
If you’re a target for either financially motivated cyber-criminals, or nation-state grade attackers, chances are your security team feels outgunned. Deception technology excels at detecting these attacks by shifting the cognitive, economic and time costs of the attack back onto the attacker.
By Smokescreen Team
7 Ways to Fail At Implementing Deception Technology
Since there’s precious little information on how security teams can make deception implementations successful (some folks like to keep it a secret), there’s plenty that can go wrong. Here are 7 ways to completely botch your deployment of deception technology.
By Smokescreen Team
10 Questions To Ask Deception Technology Vendors
Deception technology is a major buzzword today. In order for you to cut through the marketing hype, here’s a set of evaluation questions that will help you better understand disparate deception offerings and identify vendors that know what they’re doing.
By Smokescreen Team
In Defence of Signatures – They Don’t Suck
Signatures take a beating in most conversations in security. What, if anything, are they actually good for, then? Team Smokescreen stands up for the rights of the humble signature, explaining why they’re misapplied and how to better use them for defence.
By Smokescreen Team
Improving Cybersecurity With Adversarial Thinking
People often ask me about ‘adversarial thinking’ — that somewhat amorphous concept that defines security folk with the uncanny ability to mentally model how things can break. Here’s how you approach it.
By Smokescreen Team
Deception and Kerckhoffs’s Cryptographic Principle
The parallels between deception in the real-world, and deception in cyberspace are clear and easy to understand. However, deception in the digital battlefield is far more nuanced — it’s easy to do it badly, and far harder to get it right. Which makes it rather similar to a more traditional security practice — cryptography.
By Smokescreen Team
The Capability Maturity of 3rd Generation Deception Technology
Deception in cybersecurity has come a long way from the early days of honeypots. Recent advances in virtualisation and evolving modern attacks have led to a rapidly maturing set of capabilities that organisations must adopt to see value from deception systems.
By Smokescreen Team
Gartner identifies deception as a top 10 security technology for 2016
Gartner lists deception as a top 10 cybersecurity technology for 2016
By Smokescreen Team
Why Deception Matters in Cybersecurity
Deception has a centuries-old successful history in military warfare. Military doctrine from Sun Tzu, Genghis Khan, and Machiavelli, all the way through the Second World War has stressed the importance of deceiving the enemy to know their plans and thwart their objectives.
By Smokescreen Team
How to stop attacks – 5 ways Top CSOs do it
Leading companies are changing their approach to cybersecurity. Here’s how – (1) Focusing on detection and response, (2) Making security alerts actionable, (3) Increasing internal network visibility, (4) Removing the human element in monitoring, and (5) Catching attacks early with threat intelligence.
By Smokescreen Team
Malware Detection is a Failing Strategy
Bypassing anti-malware systems is so trivial that attackers don’t treat it as a major obstacle. Even newbie pen-testers know how to go from off-the-shelf malware to “fully undetectable”. Attackers have it automated. Stop solving the symptoms, and start solving the problem.
By Smokescreen Team
Drowning In Data – The Event Fatigue Problem
‘Event fatigue’ is a real concern. It’s not even surprising to seasoned security professionals to find that the alerts from monitoring systems are ignored, or even worse – disabled, often in the name of ‘tuning’ the system. Here’s a better approach.
By Smokescreen Team
Lenny Zeltser on Protean Security Tactics
We’re big fans of the SANS team and of Lenny Zeltser. Lenny has discussed deception in his recent series of blog posts, and we highly recommend reading his history of deception. Here we extend a couple of his main arguments.
By Smokescreen Team