A cyber-attacker successfully breaks into your environment and begins sneaking around to find something valuable – intellectual property, bank account credentials, company plans, whatever. The attacker makes his way to a certain host on a network node to browse the directories, and suddenly, his connection is cut off. The stolen username and password he acquired no longer works.
Unknowingly, the attacker triggered a well-concealed trap that detected his presence, took immediate action to sever his connection, and then blocked his reconnect ability. Very cool.
The concept of Deception technology is pretty cool. And it can be an extremely valuable security layer that comes into play when other security layers are successfully bypassed. The problem, however, is that only very large enterprises have been able to leverage Deception technology due to its cost and complexity to implement and maintain. Unfortunately, small to medium-sized enterprises, the so-called SMEs, just don’t have the budgets and staff required to leverage this valuable technology.
A Game Changer for Deception Technology
Cybersecurity company Cynet recognizes the tremendous value of deception technology. So much so, in fact, that they built deception technology natively into their XDR platform (Read more in this Deception whitepaper).
In this way, Cynet clients automatically receive robust Deception technology, pre-integrated as part of their XDR platform. In simple words: instead of buying deception technology on top of the existing endpoint protection (NGAV/EDR) – you get Deception as part of your endpoint protection solution, together with other benefits of XDR.
This is a boon for those businesses that could not afford to purchase Deception technology from a specialized vendor and for those that simply didn’t want the headache of deploying, integrating, operating, and maintaining yet another cybersecurity solution. While cybersecurity seems to be getting more complicated, requiring more solutions and more oversight, the Cynet approach is a breath of fresh air.
Once the Cynet XDR solution is deployed, clients simply configure various types of decoys across their environment, and that’s that. Three types of decoys are configurable within the platform:
These are decoy data files and links that appear exactly as an attacker would see for legitimate data files and links. When an attacker opens a decoy data file, an alert is triggered along with details surrounding the file access, such as the attacker IP address, the victim IP address, hostname, and file name.
Clients can use off-the-shelf decoy files and even craft their own. Just be careful that when naming a file “top secret information.docx,” it may tip off attackers that you have Deception technology in place. Keep decoy file names consistent with your conventional file naming methods.
These are decoy user accounts that can be placed across multiple endpoints. When an attacker uses decoy credentials to login with one of the decoy users, an alert is created. Again, usernames and account information should mimic conventions used within your organization.
Adding decoy hosts within your network environment is another way to uncover attackers on your network. The decoys are made to appear as valuable systems that legitimate users interact with to perform their tasks. One idea is to actually create far more decoy hosts than real hosts, putting the odds in your favor that a successful attacker will make the wrong move and expose his presence – which is the right move from your perspective!
|Example showing Cynet deception hosts (shown in orange) on network
Deception As A Platform Component
It seems that something as useful as Deception technology should be deployed as a critical component of every company’s cybersecurity technology stack. However, the expense and complexity of adding this technology have certainly been a barrier to widespread adoption. The approach Cynet is taking – included Deception as one component of their robust XDR platform – changes the narrative. Implementing Deception technology doesn’t cost anything extra and can be implemented with the click of a mouse. And I’m not pretending!