Deception technology is a novel approach to cybersecurity that is designed to prevent a cybercriminal from infiltrating a computer network. It beats malware at its own game, using deception to defend the enterprise against it.
According to Gartner, 10 percent of enterprises are set to adopt deception tools and tactics this year and actively participate in deception operations against attackers. Deception technology products create decoys, or traps, that mimic the working of legitimate IT assets throughout the network. These decoys run in a virtual environment or on a real operating system to trick the cybercriminal into thinking that they have found a way to steal credentials or escalate privileges. Once a cybercriminal hits a trap, the deception server is notified, with details about the targeted records and the type of attack vector.
Multiple organisations have developed products based on this technique to improve cybersecurity. For example, TrapX offers emulations, i.e. fake assets that look and act identical to real assets, intermingled with genuine IT resources in an enterprise network. When attackers reach an emulation, a high-confidence alert is triggered and the attack can be mitigated based on its identification. Similarly, WatchPoint has developed a product line of HackTraps, which gives an administrator the ability to set up different traps in numerous locations throughout the network. Something as simple as a DocTrap named “Company Passwords.docx” placed on a shared network can prove to be a very simple yet sophisticated HackTrap.
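The decoy-triggered alerting described above, as an added example that is not code from TrapX, WatchPoint or any other product named on this page: any event that touches a registered decoy produces an alert carrying the source and the attack vector. It generalises the DocTrap case to decoy credentials and hosts; the event format, share path, account name and addresses are constructed assumptions.

```python
import json
from dataclasses import dataclass

# Constructed decoy registry. No legitimate workflow touches these assets,
# so any interaction with one is treated as a high-confidence alert.
DECOYS = {
    ("file", r"\\fs01\shared\company passwords.docx"): "DocTrap",
    ("account", "svc_backup_old"): "decoy credential",
    ("host", "10.0.5.250"): "emulated server",
}

@dataclass
class Alert:
    source: str      # host the interaction came from
    decoy: str       # normalized identifier of the decoy touched
    decoy_type: str  # kind of trap, from the registry
    vector: str      # how the decoy was touched (the event's action)

def normalize(kind, value):
    """Lower-case the target; for files also accept / as a path separator."""
    value = value.strip().lower()
    if kind == "file":
        value = value.replace("/", "\\")
    return kind, value

def detect(lines):
    """Return one Alert per event whose target is a registered decoy."""
    alerts = []
    for line in lines:
        try:
            ev = json.loads(line)
            key = normalize(ev["kind"], ev["target"])
            decoy_type = DECOYS.get(key)
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # malformed event: skip it and keep monitoring
        if decoy_type:
            alerts.append(Alert(ev.get("src", "unknown"), key[1],
                                decoy_type, ev.get("action", "unknown")))
    return alerts

# Constructed sample events, one JSON object per line.
SAMPLE_EVENTS = [
    '{"kind":"file","target":"//FS01/Shared/Budget.xlsx","src":"10.0.2.14","action":"open"}',
    '{"kind":"file","target":"//FS01/Shared/Company Passwords.docx","src":"10.0.3.77","action":"open"}',
    '{"kind":"account","target":"SVC_BACKUP_OLD","src":"10.0.3.77","action":"logon"}',
    'truncated line, not JSON',
    '{"kind":"host","target":"10.0.5.250","src":"10.0.3.77","action":"smb_connect"}',
]
```

Because the registry contains only assets that legitimate users never touch, the detector needs no baseline or threshold: the ordinary `Budget.xlsx` access is ignored, and the three decoy touches from the same source are reported.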
Smokescreen’s deception platform detects various forms of cyber-attack, such as reconnaissance, spear phishing, lateral movement, stolen credentials and data theft. Similarly, Israel-based Illusive Networks lays out a deceptive layer over the entire network. The decoys can be data, servers, applications, devices and hosts. The moment the attacker tries to hack into one of the decoys, he/she is seamlessly transferred to a virtual network separate from the enterprise network, and investigations and forensics follow.
Deception technology vastly improves upon existing security, but it is not designed to replace an existing antivirus or firewall. Instead, it can be more effectively used as another layer of network protection to track and trap those cybercriminals who have breached cyber-defenses and been able to penetrate the organisation's network.