NIST gets down with Deception

Written by: Don Gray | Published on: July 31st, 2019

About The Author

Don Gray, CTO

Don Gray is responsible for the continued development of the PacketViper technology roadmap, harnessing his extensive experience in cybersecurity software strategy and technology development. Previously Don contributed to blogs and threat intelligence reports for NTT Security (formerly Solutionary).

Enhanced security requirements lead NIST to recommend deception technology

A lot of CISOs look to the National Institute of Standards and Technology (NIST) and ISO for third-party validation of appropriate security controls and security program approaches. They bring credibility and gravitas to what others may view as arbitrary or over-burdensome controls and processes. They can help free up budget dollars and shape digitization efforts across IT and security.

And up until recently, they haven’t had anything to say about the use of deception solutions. That’s been a barrier to market penetration for the industry. Forward-looking CISOs that are likely to try disruptive technologies may have their eye on deception solutions, but without the backing of an independent third-party, it could require too much political capital to fight for.

So, to finally see NIST embrace and recommend deception technology is a welcome event. The June draft of NIST Special Publication 800-171B, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, discusses enhanced requirements, derived from the Security and Privacy Controls document (SP 800-53), for protecting against cyber attacks. This new NIST document offers recommendations for protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations where that information runs a higher than usual risk of exposure. Deception is one of the key recommendations:

  • Using deception to confuse and mislead adversaries regarding the information they use for decision making, the value and authenticity of the information they attempt to exfiltrate, or the environment in which they are operating. [1]

PacketViper embraces this philosophy and extends it beyond traditional deception solutions by applying these techniques not only inside the organization but at the perimeter as well. Being in-line and operating at wire speed allows PacketViper not only to deceive attackers about which services and systems are actually available, but also to initiate adaptive responses, up to and including applying indicators of compromise (IOCs) harvested in real time to block further activity by the attacker.

By thwarting attackers very early in the Cyber Kill Chain®, our customers avoid entering the attacker's “opportunity funnel” in the first place. Avoiding this first cut has both cost-saving and force-multiplier effects throughout the log, alert, and analyze food chain.

In another NIST Special Publication (800-160 vol. 2), Systems Security Engineering, deception is included as one of 14 techniques in the cyber resiliency engineering framework. Volume 2 addresses cyber resiliency considerations for two important, yet distinct communities of interest:

  • Organizations conducting new development of IT component products, systems, and services; and
  • Organizations with legacy systems (installed base) currently carrying out day-to-day missions and business functions. [2]

All deception technologies can be an important way to identify gaps in existing security detection tools, but whether deployed in legacy, virtual, or cloud infrastructure, PacketViper can provide a lightweight deception capability that:

  • Is unobtrusive
  • Avoids needing a team of threat analysts
  • Doesn’t require complex SOAR integrations
  • Has minimal on-going maintenance
  • Delivers heavy-weight preventative results.

Check out these NIST publications:

  1. https://csrc.nist.gov/publications/detail/sp/800-171b/draft
    Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations: Enhanced Security Requirements for Critical Programs and High-Value Assets
    Authors:  Ron Ross (NIST), Victoria Pillitteri (NIST), Gary Guissanie (IDA), Ryan Wagner (IDA), Richard Graubart (MITRE), Deborah Bodeau (MITRE)
  2. https://csrc.nist.gov/publications/detail/sp/800-160/vol-2/draft
    Systems Security Engineering: Cyber Resiliency Considerations for the Engineering of Trustworthy Secure Systems
    Authors: Ron Ross (NIST), Richard Graubart (MITRE), Deborah Bodeau (MITRE), Rosalie McQuaid (MITRE)

Contact PacketViper to protect against cyber attacks. Get up and running with deception quickly and cost-effectively.