Category: Strategy

When evaluating deception technology, look at three key components of the solution to ascertain how effective it will be in your environment – visibility, realism, and fingerprintability.

Insurance companies are under siege from cyberattacks. We take a look at some of the key pieces of an insurer’s infrastructure the adversaries target and how you can use deception to build active defenses.

Pentest reports tell a story. By asking why a pentester made certain choices, you can find opportunities to influence attacker behavior and actively defend your network.

For free, of course. At this point, I’m positive that you’ve heard of MITRE Shield. It’s a new active defense knowledge base released by MITRE – stuff they’ve been implementing for over a decade to engage adversaries and derail attacks. They’ve opened it up to everyone, and for the first time perhaps, the infosec community […]

Active defense provides defenders with a shared vocabulary and framework for actively dealing with threats instead of passively reacting to them.

Decoys can be deployed everywhere in your network – current-gen deception technology makes that possible. There are however no free lunches and pervasive deception might come with a cost. So the question is, should you?

If you’re a target for either financially motivated cyber-criminals, or nation-state grade attackers, chances are your security team feels outgunned. Deception technology excels at detecting these attacks by shifting the cognitive, economic and time costs of the attack back onto the attacker.

Since there’s precious little information on how security teams can make deception implementations successful (some folks like to keep it a secret), there’s plenty that can go wrong. Here are 7 ways to completely botch your deployment of deception technology.

Deception technology is a major buzzword today. In order for you to cut through the marketing hype, here’s a set of evaluation questions that will help you better understand disparate deception offerings and identify vendors that know what they’re doing.

People often ask me about ‘adversarial thinking’ — that somewhat amorphous concept that defines security folk with the uncanny ability to mentally model how things can break. Here’s how you approach it.

The parallels between deception in the real-world, and deception in cyberspace are clear and easy to understand. However, deception in the digital battlefield is far more nuanced — it’s easy to do it badly, and far harder to get it right. Which makes it rather similar to a more traditional security practice — cryptography.

Gartner lists deception as a top 10 cybersecurity technology for 2016

Deception has a centuries-old successful history in military warfare. Military doctrine from Sun Tzu, Genghis Khan, and Machiavelli, all the way through the Second World War has stressed the importance of deceiving the enemy to know their plans and thwart their objectives.

Leading companies are changing their approach to cybersecurity. Here’s how – (1) Focusing on detection and response, (2) Making security alerts actionable, (3) Increasing internal network visibility, (4) Removing the human element in monitoring, and (5) Catching attacks early with threat intelligence.

Bypassing anti-malware systems is so trivial that attackers don’t treat it as a major obstacle. Even newbie pen-testers know how to go from off-the-shelf malware to “fully undetectable”. Attackers have it automated. Stop solving the symptoms, and start solving the problem.

We’re big fans of the SANS team and of Lenny Zelster. Lenny has discussed deception in his recent series of blog posts, and we highly recommend reading his history of deception. Here we extend a couple of his main arguments.