How to Implement Deception Technology
Deception technology is a cybersecurity tactic that sets traps for intruders with fabricated versions of valuable assets. Here are the best practices for implementation.
Join the DZone community and get the full member experience.Join For Free
Deception technology is a cybersecurity tactic that involves setting traps for potential intruders with fabricated versions of valuable assets. An organization’s security teams are alerted when cybercriminals are lured by this method.
This approach shortens the time required to detect and mitigate intrusions because security professionals know which network assets have attracted the hackers. Here are some best practices to follow if you’re considering using deception technology in your organization.
Focus on the Most-Wanted Assets
It can be challenging to determine what to protect with deception technology. However, prioritizing what hackers will most likely target is the best option. Put yourself in their position and remember that cybercriminals like to cause maximum disruption.
That might mean they aim to steal proprietary designs from an aerospace manufacturer or a pharmaceutical company’s clinical trial data. Once you decide which assets to protect with deception technology, back up any associated information.
Deception technology aims to trick hackers, but it’s not foolproof. As you determine the most realistic ways to trap cybercriminals, plan what to do to minimize the damage if they find genuinely valuable information. One option is to perform daily backups in the cloud and on physical media. That should prevent hackers from getting the only versions of essential data.
Create a Detailed Action Plan
So many cybersecurity professionals have become interested in deception technology so quickly that some experts warn not to treat it as something to do because it’s trendy. Indeed, a market research report estimates a compound annual growth rate of 14.75% between 2023 and 2028. Although the analysts identified North America as the largest market, the Asia-Pacific region will grow fastest during the specified period.
During a 2023 conference panel, Lewis Woodcock, senior director of cyber operations at Maersk, cautioned that organizational leaders must consider their end goals when using deception technology.
One possibility is to set a time-based recovery point objective — a principle that applies to industries besides cybersecurity. It determines the ideal time required to normalize operations after an incident. Write your action plan with the understanding that recovery varies by sector.
One chemical manufacturer chose only three seconds for the recovery point objective. That was due to the devastating damage that could occur if chemicals spilled from their containers during a disaster.
Woodcock recommended creating an environment that looks real to attackers but then planning what to do after luring them. It’s not enough to catch intruders by deceiving them. People should go further to narrow down their post-detection processes. That will decrease the chances of hackers wreaking havoc due to inadequate mitigation measures.
Understand Your Attack Surface and How Hackers React
Effectively using deception technology requires knowing the vulnerabilities hackers may target. One way to do that is to hire a penetration tester. That expert will examine your network and potential entry points to find weaknesses.
A penetration tester’s report can identify what cybercriminals will likely exploit to access your online infrastructure. You can use that information to develop a strategy for fooling and deterring those intruders.
Robert Golladay, EMEA and APAC director at Illusive, also recommends using machine learning and other advanced options to understand the attack surface. Once deception technology catches a hacker, security teams should act quickly to understand their intentions. That may mean taking screen captures that show which tools the cybercriminal uses or the endpoint exploited for access.
Deploy Deception Technology With Care
As your security team utilizes deception technology, remember that this approach encourages hackers to enter your infrastructure. They’ll likely move around after the initial target attracts them, so you must have well-developed strategies to thwart them and regain control.
Use cybercriminals’ attack methods to highlight areas that need better network security. Then, act swiftly to prevent attacks allowing hackers to access more than the traps you set.
Opinions expressed by DZone contributors are their own.