Deception Technology is a defense practice in cybersecurity which aims to deceive attackers. This is done by the distribution of a collection of traps and decoys across your organization's systems infrastructure, in order to replicate
Deception technologies have to be designed in a way to entice the attackers so that they consider it to be a worthy asset and inject a malware. Upon injection of the malware into the decoy, automated static and dynamic analysis of the
injected malware is conducted and reports are automatically generated and sent to the Information Security team of your organization.
What Type of Activities Do Deception Systems Detect?
- Credential Theft :It detects the theft of login credentials like username and password details of users from directories such as OLAP where they are stored.
- Lateral Movement : It detects the movement of a hacker across networks.
- Hacking into directory systems : It detects an attack on the file systems or directories of the end-users.
- Man-in-the-middle : This potentially occurs when communication between two parties are involved. The hacker tries to infiltrate the network and change communication between the involved parties unknown to them.
- Access to sensitive information: When the cyber criminal tries to steal sensitive and/or confidential data.
- Geo-fencing: When the attackers attempt to hack into deception files that provide virtual geographical location when opened.
Benefits of Deception Technology for both large and mid-size businesses:
- Rapid detection time and instant remedial methods
- High-fidelity alerts that expeditie responses to incidents, simultaneously eliminating false alerts
- It can provide adversary intelligence through indicators of compromise (IOC) and tactics, techniques and procedures (TTP)
- Early detection gives time for reconnaissance and helps complicate things for the adversary by adding additional decoys around critical assets