Honeypots have been perceived by some to potentially add additional risks by enraging the threat actor, creating new security holes or increasing liability for an organization if the attacker were to compromise a system, and then begin to attack outwardly onto the internet from the honeypot itself. Today's honeypot has evolved toward greater automation, and offers enterprise-class features and operational capabilities.
4. Reports say that by 2018, 10 percent of enterprises will use deception tech. What lies next in the world of deception tech?
Deception techniques and technologies have so far had only nascent adoption in the market. Most recent adoption has been focused on distributed decoy sensor providers, deployed inside the network to enhance malware and threat detection. This has largely been because deceiving a threat actor can be difficult, and must be orchestrated in the proper way for it to be believable.
However, some providers are now successfully deceiving in a believable manner. Distributed decoy systems and endpoint deception agent solutions are gaining traction within financial services and healthcare verticals because they are entities that are very commonly attacked for their sensitive information. Additionally, other large type-A buyers with lean-forward security programs are adopting distributed decoy systems to enhance their deception operations capabilities.
5. Takeaways for enterprises already using deception technology, and ones considering adoption of deception tech:
- Deception technology is of more relevance for lean-forward and mature enterprises.
- The deception stack consists of sets of tools and responses that operate at different layers the attacker may interact with - the network, endpoint, application, and data layers. It is important to note that the further up the stack deceptions move, the more difficult the deception is to maintain against a formidable and well-educated adversary.
- Threat deception is not an easy concept to understand and requires a mindset shift from being overly preventive to a mindset that thinks like the threat actor and places lies and misdirection throughout their interactions. Enterprises require proper training to fully utilize the solution.
Source: Computerworld India