Deception at the cyber “front line”

Written by: Francesco Trama | Published on: March 19th, 2019

About The Author

Francesco Trama
As Chief Executive Officer and Founder, Francesco is responsible for the overall operating performance, leading the strategic direction of the company’s products and solutions internally while building technical and business credibility externally as a market-facing thought leader.

As a U.S. Army veteran, I constantly reflect on military principles to establish resilient cybersecurity practices.  In infantry tactics the front line is an area of great strategic importance.  Various armed services branches have other terms for the front such as Forward Line of Own Troops (FLOT) and Forward Edge of Battle Area (FEBA).  Whatever you call the front, the ability to stop the enemy where you first face them is vital.

Another established military concept is deception, or the efforts to mislead and distract the enemy during wartime.  Deception is a proven tactic leveraged throughout the battleground and is particularly effective when deployed at the front.

However, few are pushing deception to the cyber front line, meaning deployment at our network perimeters.  A paired approach of deception both at the edge and internally represents a tremendous opportunity to reduce attack vectors and strengthen overall cyber defense.

Attackers relentlessly test our defenses attempting to infiltrate networks

Attackers don’t exist on a single front, nor are they easily identified.  They might be friend one day and foe the next.  They are mobile, constantly alternating positions around the world.  Attackers campaign globally, acquiring new host victims to amplify capabilities, and use those assets to size up networks for attack.  The bigger the force assembled, the better they can camouflage efforts.  And in most cases, it all starts with a reconnaissance scan.

Based on these variables, we desperately need a better way to draw out and identify threats.  Third-party intelligence lists are both necessary and insufficient unto themselves, as they might not be entirely accurate or applicable to your situation.  The gating factor for what gets into the network should be what you want on your network, not just what the industry says is good or bad.

Unfortunately, other deception providers have conceded the cyber front line.  Even their reconnaissance-stage deception is restricted to the inside, detecting the recon scans of threats already on the network.  Again, this is both necessary and insufficient.  The optimal use of deception includes BOTH internal- and external-facing decoys.  And it is active, meaning it not only deceives and detects threats, but also provides the means to stop threats outright.

Our different approach to deception is based on lessons I learned in the Army.  In addition to our internal deception, we also have the industry’s only exterior-facing decoys for the perimeter.  This perimeter deception proactively finds threats and will incapacitate them before they get on the network, eliminating their ability and desire to do battle.  Furthermore, external decoys can be rotated to create the appearance of a moving target, making the network much harder to detect.

PacketViper deception is a tool based on basic warfare strategic concepts

The mission for our internal and external deception is grounded in the following principles:

  • Eliminate the enemy’s capability to operate
  • Severely limit global attack vectors
  • Create the appearance of a moving target
  • Camouflage existing perimeter defenses
  • Lure enemies using false responses
  • Distract and divert enemy resources
  • Capture new intelligence sources and take action

The front line of the cybersecurity battle is the network perimeter.  Deploying active deception both internally and at the cyber ‘front line’ can go a long way to shut down adversary operations.  This is a practical approach to network defense, blending basic military techniques with innovative new cybersecurity tactics that all can benefit from.

PacketViper.  Lightweight deception.  Heavyweight results. 

Source: The Art of Darkness: Deception and Urban Operations; What Is Deception?; What Is Military Deception?