Midsized companies with revenues from $100 million to $1 billion spent an average of $3 million on information security as of 2014, per "The Global State of Information Security Survey 2015" from PwC.
"I promise you, bad guys are not spending $3 million to break into your organization," says Allen Harper, chief hacker, Tangible Security. Still, information burglars are getting through.
And since 92 percent of IT and security professionals surveyed globally use signature-based antivirus software on their servers, despite AV's inability to stop advanced threats and targeted attacks, according to Bit9's 2013 Server Security Survey, exploits such as zero-days, which have no signatures, give attackers the upper hand.
To turn the tide, security experts are pressing enterprises to turn to behavior-based approaches where an illicit behavior can identify a probable exploit, whether security software has an example of its "fingerprint" or not. Security researchers are updating a behavior-based approach that has been around for decades.
That approach is Deception. Deception identifies an attacker when they exhibit the behavior of simply falling for the Deception, such as by trying to interact with a fake web server that no one with a legitimate business purpose is using. CSO explores the purposes and strengths of Deception together with examples of its technologies and approaches.
Purposes and strengths
"I want the bad guy to expend more effort trying to break in than I expend to keep him out," says Harper. Deception approaches work to make life harder for an attacker and easier for the enterprise. Used properly, deception will lead cyber criminals to exert increasing amounts of time, effort, and resources to break through your defenses while making it easier for you to detect and dispense with them with less effort.
"Effective deception tools change the behavior of the adversary," says Harper. They make the work on the cyber hood's plate pile up while offering no reward for his trouble. His thought processes must adjust because he has to deal with something he wasn't counting on. You are no longer the low-hanging fruit. And it will be easier for him to simply attack another range of IP addresses that belong to someone else.
"Deception keeps the efforts of the defending enterprise at a manageable level," says Harper. The cyber thug has worked to locate IP addresses and ports that appear to have the servers and services he can benefit from attacking. He has worked to develop specific tools and approaches that routinely prove effective at breaking in and stealing data. He has fine-tuned his ability to stealth his activities.
Yet, the ports are bare and the servers and services are phony. Every tool and approach he knows falls flat, going nowhere and rendering nothing. And because he is attacking a deception that has no business use, no one ever goes there but hoodlum hackers, so you can instantly identify him on his first attempt.
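The detection property described above, as an added example that is not from the article or any vendor's product: because a decoy has no business use, the first connection to it is already an alert, and the same source's contacts with real hosts can be pulled for triage. The log format, addresses and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed decoy inventory: addresses with no legitimate business use (constructed).
DECOYS = {ipaddress.ip_address("10.20.0.50"), ipaddress.ip_address("10.20.0.51")}

# Constructed connection log, one record per line: "timestamp src dst dst_port".
SAMPLE_LOG = """\
2015-03-02T09:00:01Z 10.20.5.14 10.20.0.10 443
2015-03-02T09:00:07Z 10.20.7.33 10.20.0.10 443
2015-03-02T09:01:15Z 10.20.7.33 10.20.0.12 22
2015-03-02T09:01:16Z 10.20.7.33 10.20.0.50 22
2015-03-02T09:01:18Z 10.20.7.33 10.20.0.51 80
2015-03-02T09:02:40Z 10.20.5.14 10.20.0.11 443
malformed line
2015-03-02T09:03:02Z 10.20.7.33 10.20.0.11 445
"""

def parse_line(line):
    """Return (ts, src, dst, port), or None for a line that does not parse."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, src, dst, port = parts
    try:
        return ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)
    except ValueError:
        return None

def detect(log_text, decoys):
    """Alert on the first decoy touch per source; attach its real-host contacts."""
    history = defaultdict(list)   # src -> [(ts, dst, port)] against non-decoy hosts
    alerts = {}                   # src -> alert record
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue              # skip garbage rather than abort the run
        ts, src, dst, port = rec
        if dst in decoys:
            if src not in alerts:  # no threshold: one touch is enough
                alerts[src] = {"first_touch": ts, "decoy": str(dst), "port": port,
                               "decoy_hits": 0, "real_hosts": history[src]}
            alerts[src]["decoy_hits"] += 1
        else:
            history[src].append((ts, str(dst), port))
    return {str(src): alert for src, alert in alerts.items()}

if __name__ == "__main__":
    for src, alert in detect(SAMPLE_LOG, DECOYS).items():
        print(src, alert)
```

The `real_hosts` list keeps growing after the alert fires, so it covers the source's contacts with production hosts both before and after the first decoy touch.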