As breaches continue to plague enterprises across the globe, security professionals need to design new strategies to detect and respond to cyberattacks. One recently developed method is the use of deception technology as a form of cyber defence. Deception technology detects threats that are already inside the network: it entices attackers into going after decoys and breadcrumbs that hold no real data but, when touched, alert the security monitoring team to the presence of an intruder.
Benefits of Deception Technology
Deception technology has been gaining traction as a way for organizations to see how attackers are targeting their assets. Because the assets being attacked are decoys, it buys time to craft a defensive posture and ensure production systems are well defended. Some of the benefits are:
- Reveal in-network threats
  - Attractive decoys
  - Credential lures
  - Ransomware bait
  - Data deception
- Early and accurate detection
  - Lateral movement and credential theft
  - Ever-changing threat landscape
  - Evolving attack surface
  - Internal and external threat actors
- Accelerated incident response
  - Advanced attack analysis
  - Substantiated alerts
  - Automated incident response
  - Threat path visibility and attack visualization
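The property that makes decoy alerts "substantiated" is that no legitimate process ever uses a lure credential or contacts a decoy host, so a single hit is enough to raise an alert. The following added example (not code from the original page or from Attivo) illustrates that detection logic over a few constructed authentication and SMB log lines; the decoy account names, decoy addresses and log format are hypothetical:

```python
import re
from dataclasses import dataclass

# Hypothetical decoy inventory: accounts and hosts that exist only as lures.
# Nothing legitimate should ever reference them, so any hit is a high-fidelity alert,
# regardless of whether the attempt succeeded.
DECOY_ACCOUNTS = {"svc_backup_adm", "finance_share_ro"}
DECOY_HOSTS = {"10.10.5.250", "10.10.5.251"}

# Constructed log format: "<timestamp> <event> src=<ip> dst=<ip> user=<name> result=<ok|fail>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>auth|smb) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)

@dataclass(frozen=True)
class Alert:
    ts: str
    src: str      # the host that touched the decoy: the first place to investigate
    reason: str

def check_line(line):
    """Return an Alert if the line touches a decoy credential or host, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    user, dst = m["user"], m["dst"]
    if user in DECOY_ACCOUNTS:
        return Alert(m["ts"], m["src"], f"decoy credential used: {user}")
    if dst in DECOY_HOSTS:
        return Alert(m["ts"], m["src"], f"decoy host contacted: {dst}")
    return None

def scan(lines):
    """Return the alerts and the set of source addresses that touched any decoy."""
    alerts = [a for a in (check_line(l) for l in lines) if a]
    return alerts, {a.src for a in alerts}

# Constructed sample log lines (not real traffic). Line 3 is a failed logon with a
# lure credential: it still alerts, because the credential should never be used at all.
SAMPLE_LOG = """\
2024-01-10T09:00:01Z auth src=10.10.1.20 dst=10.10.1.5 user=alice result=ok
2024-01-10T09:00:07Z smb src=10.10.1.44 dst=10.10.5.250 user=bob result=ok
2024-01-10T09:00:09Z auth src=10.10.1.44 dst=10.10.1.5 user=svc_backup_adm result=fail
2024-01-10T09:00:12Z auth src=10.10.1.21 dst=10.10.1.5 user=carol result=ok
""".splitlines()

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG)[0]:
        print(alert)
```

Both alerts come from the same source, 10.10.1.44, which is the kind of pivot that an incident response team would correlate with the lateral-movement and credential-theft benefits listed above.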
We have an MSSP partnership with the global leader in Deception - Attivo Networks. By leveraging Attivo’s deception technology, we deliver state-of-the-art intruder detection and response capability without a heavy capital expenditure at your end. The key elements of our Managed Detection as a Service approach are:
- Understand your business and risk profile
- Identify currently deployed security technologies
- Determine the ideal deployment architecture
- Deploy on-premises components
- Provision cloud configuration and licenses
- Deliver alerts either via our incident management portal or by integrating with your SIEM
The deployment architecture is flexible depending on the number of networks to be covered, types of decoys to be deployed, and level of response that you are looking for. A sample proposed architecture is shown below:
Here, Attivo's ThreatDirect™ on-premises forwarding software is installed at the client's site(s), whereas the Attivo BOTSink is hosted in our SOC and integrated with our SIEM. The features enabled by this model include: detection of inside-network and stolen-credential attacks with rapid remediation; detection and limitation of the impact of ransomware attacks; network visibility; hosted malware and phishing attack analysis; and the provision of signatures and tactics, techniques and procedures to ensure attacks are not repeated.
- The Managed Detection as a Service builds on industry-leading decoy technology from Attivo Networks.
- The ease of deploying the agent-less Attivo technology makes it possible to demonstrate ROI fairly quickly.
- Management of the components, upgrading, configuring policies and optimizing the overall setup is our responsibility.
- Our SOC receives alerts, responds within a defined SLA and helps your IT and Security teams resolve incidents.
- Finally – and most importantly – attacker Tactics, Techniques and Procedures (TTPs) discovered by our IR teams are used to constantly enhance policy configurations within our SOC, to get the most out of the technology stack we use.