Within three years, 10% of enterprises will use deception tools, tactics and operations to defend against cyber attackers, research firm Gartner has predicted.
A growing number of security experts believe that creating multiple environments, phony documents and other fake systems could help trip up an attacker and drive up the cost and effort of carrying out attacks.
“Although still nascent, deception as a defence strategy against attackers has merit and can be an attractive new capability for larger organisations desiring advanced threat detection and defence solutions,” according to the report, entitled “Emerging technology analysis: Deception techniques and technologies create security technology business opportunities”.
“CISOs today find themselves at war with an increasingly capable enemy. Attacker techniques have evolved to defeat traditional perimeter and endpoint security layers – the traditional defence-in-depth approach to network security simply isn’t working,” said Carl Wright, executive vice-president and general manager of deception-based cyber defence firm TrapX Security.
“Deception has always been key to warfare, and deception technology can change the fundamental economics of cyber defence, shifting costs from defender to attacker, while denying them freedom of movement on the network,” he said.
Wright welcomed Gartner’s recognition of deception technology as a new category of defence.
Deception technology, such as TrapX’s DeceptionGrid, relies on emulations or fake assets that look and act like real assets. These fake assets are intermingled with actual information technology resources at scale in an enterprise network. The instant an attacker touches an emulation, a high-confidence alert is triggered and the attack can be compartmentalised.
According to TrapX, DeceptionGrid provides deep forensic analysis and delivers a comprehensive assessment directly to an organisation’s security operations team, providing a level of situational awareness and visibility not seen previously in sensor-based security systems.
Like defence-in-depth strategies, deception technologies can be applied at all stages of a cyber attack, from reconnaissance to attacker command and control actions, to cripple advanced threats faced by business.
“Deception solutions are emerging to play a greater role in the future of enterprise threat defence,” Gartner analyst Lawrence Pingree wrote in the report. “Detection is often a prerequisite to higher-quality deceptions. However, use of deceit in the enterprise is beginning to be used to actively thwart or ‘black-hole’ malware botnets, threat actors and suspicious connections.”
The Gartner report noted that many organisations do not understand the concept of threat deception. “Educating security buyers on its usefulness will be crucial to furthering adoption of deception technologies and concepts,” the report said.
Gartner recommends that product managers examine how threat deception techniques can be used to enhance their existing threat defence capabilities against advanced adversaries.