Internal and external cyber deception technology together is not your traditional approach to deception, nor to security in general. Since the days of honeypots, cybersecurity experts have utilized deception as a way to protect the network interior. Threat detection at the network perimeter, on the other hand, has seemingly been the role of firewalls. Deception on the inside, welcoming and trapping attackers, and firewalls at the perimeter, preventing traffic, have had opposing roles in early cybersecurity strategies. In cybersecurity deception, perimeter and interior network security have not been used hand-in-hand because of their traditional and seemingly contradictory roles.
Internal and External Deception Working Together
Think about attackers’ behaviors. What if we could take cyber deception technology that detects threats on the interior network and combine it with external deception that detects threats at the perimeter? It would be the best of both worlds!
We know that at the edge of the network attackers are always scanning and attempting to enter. Plus we know that they must use compromised systems to stay anonymous. As such, attackers do not attack from their own systems in an effort to preserve anonymity. Constant movement, recruitment of assets and anonymity are the lynch pins of their success. The attackers start with reconnaissance repeating the process endlessly. Attackers scan and hopefully the firewall drops the attack. The drop log goes into the SIEM. Finally each log adds to the complexity of the log data ever so slightly making it harder to find the meaningful logs, not to mention the add-on to the monthly expense for consumption-based SIEM models.
Consequently at PacketViper we advocate extending lightweight decoys to the network edge as well as to the interior for the purpose of using deception to detect and deceive threats, harvest their intelligence and apply it at wire speeds. This exhausts the attacker’s resources, drawing out their compromised systems in real-time, stops the attack and mitigates risk. Use deception tools as an alternative in your threat detection initiative or as a complement to other approaches. At the very least, take if for a test run and see how easy and lightweight it is to manage.