Research: Cyber Deception Will Be Standard For Thousands Of Organizations By 2018

Today, almost all organizations have a defense grid of firewalls, IDS/IPS, and SIEMs. This baseline grid will soon include advanced cyber deception elements as well.

A Gartner research study predicts that by 2018, 10% of enterprises will use cyber deception tools and tactics, and will actively participate in deception operations against attackers. As we see it, there are several good reasons why this prediction will come true.

In the current reality of information security, there are more and more situations in which post-breach security mechanisms are almost the only thing that can stop an attacker. For example, cybercriminals can reach a target’s network by purchasing access to a machine already compromised by other criminals, or by stealing credentials and then moving across the network. Signature-based IPSs can be circumvented, even when backed with behavior analysis capabilities. IPSs might also ignore attackers who use legitimate credentials. So one of the last options for defense is to give attackers who breach the perimeter a defender-controlled path to follow in the network.

Leveraging attacker behavior

We believe that this prediction is based on the current capabilities and future potential of cyber deception; when defenders focus on the attackers themselves and not just their tools, the defense plan becomes as dynamic as the attackers, finally giving defenders the upper hand.

Modern cyber deception tactics allow defenders to increase the opponent’s operational risk and the price of failure. Once deception elements are placed throughout the organization, attackers need to be on guard with every step they take. They must carefully calculate whether the trail they are following, and the target they are moving toward, are at all real – or a carefully conceived trap designed to ensnare them.

Even well-funded organized crime and state actors often have budget and time considerations. Cyber deception can significantly slow down an attacker, and can help ensure that intercepted advanced malware cannot be used again because it has been identified and fingerprinted.

Mitigating attacks

Another advantage that cyber deception gives companies is ease of mitigation. Advanced attackers use more and more methods to cover their tracks, making mitigation and forensic investigation much more complicated. They do so to make sure their malware can be used for as long as possible, so that even if it is detected on a specific network, it can remain active on other targets. Cyber deception tactics can give the defender a complete picture of the attack process: tool samples, lateral movement angles, and more. This large amount of data could be shared between industries in order to evolve the defense grids faster than before.

In the future, organizations themselves will take part in deception operations, with the goal of catching attackers and preventing them from further carrying out their attacks. For example, think about state-generated APTs; many of these target several industries and use the same malware. If just one company catches the attacker, the entire operation’s tools and tactics will be exposed.
