DECEPTION TECHNOLOGY

The aim of deception technology is to prevent a cybercriminal who has managed to infiltrate a network from doing any significant damage. The technology works by generating traps or deception decoys that mimic legitimate technology assets throughout the infrastructure. These decoys can run in a virtual or real operating system environment and are designed to trick the cybercriminal into thinking they have discovered a way to escalate privileges and steal credentials.

Once a trap is triggered, notifications are broadcast to a centralized deception server that records the affected decoy and the attack vectors that were used by the cybercriminal.
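The alerting flow described above can be sketched as detection logic run over authentication events. This is an added example, not code from the original page or from any deception product; the decoy account names, the decoy host address, and the log format are all assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Hypothetical decoy inventory: honey accounts and decoy hosts that no
# legitimate user or process ever touches (all names are assumptions).
DECOY_ACCOUNTS = {"svc_backup_adm", "sql_legacy"}
DECOY_HOSTS = {"10.0.9.50": "decoy-fileserver-01"}

# Constructed log format:
# "<timestamp> <proto> src=<ip> dst=<ip> user=<name> result=<ok|fail>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proto>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>\w+)$"
)

@dataclass(frozen=True)
class Alert:
    ts: str
    decoy: str    # which decoy was touched
    vector: str   # how it was touched: protocol and source address

def detect(lines):
    """Return one alert per event that touches a decoy asset."""
    alerts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable lines are skipped, not alerted on
        e = m.groupdict()
        if e["dst"] in DECOY_HOSTS:
            decoy = DECOY_HOSTS[e["dst"]]
        elif e["user"].lower() in DECOY_ACCOUNTS:
            decoy = "account:" + e["user"].lower()
        else:
            continue  # ordinary traffic never raises an alert
        # Failed attempts alert too: any contact with a decoy is the signal.
        alerts.append(Alert(e["ts"], decoy, f'{e["proto"]} from {e["src"]}'))
    return alerts

# Constructed sample events (not real data).
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z ssh src=10.0.1.23 dst=10.0.2.10 user=alice result=ok",
    "2024-05-01T10:02:17Z smb src=10.0.1.77 dst=10.0.9.50 user=bob result=fail",
    "2024-05-01T10:02:45Z ldap src=10.0.1.77 dst=10.0.2.5 user=SVC_Backup_Adm result=fail",
    "garbage line",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Because no legitimate activity references the decoy host or the decoy accounts, the rule needs no threshold or baseline: the two decoy touches in the sample produce two alerts and the normal login produces none.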


Use Of Deception Technology

  • Early Post-Breach Detection
  • No security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold on your network. From here you can monitor and record their behavior secure in the knowledge that they can do no damage on your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.

  • Reduced False Positives and Risk
  • Deception technology is also low risk, as it poses no risk to data and has no impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.

  • Scale and Automate at Will
  • While the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention, while the design of the technology allows it to be scaled easily as the organization and threat level grow.

The Importance of Dynamic Deception

One of the most important requirements for successful deception technology implementation is that it must stay indistinguishable and fresh to the attacker. If attackers suspect they are being deceived, they will do what they can to evade traps and scale up their efforts to get to your real assets.

  • At the protected site, Site Recovery Manager shuts down virtual machines cleanly, if the protected site is still running.
  • Site Recovery Manager powers on the replicated virtual machines at the recovery site according to a recovery plan.
  • A recovery plan specifies the order in which virtual machines start up on the recovery site. A recovery plan specifies network parameters, such as IP addresses, and can contain user-specified scripts that Site Recovery Manager can run to perform custom recovery actions.
  • Site Recovery Manager lets you test recovery plans. You conduct tests by using a temporary copy of the replicated data in a way that does not disrupt ongoing operations at either site.

As attack vectors become increasingly complex, organizations need to be able to detect suspicious activity earlier in the attack chain and respond accordingly. Deception technology provides security teams with a number of tactics and resulting benefits to help:

  • Decrease attacker dwell time on their network
  • Expedite the average time to detect and remediate threats
  • Reduce alert fatigue
  • Produce metrics surrounding indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs)
