- On 10. Feb 2016
Project plans, designs, customer data: The crown jewels of every company must be hidden from cyber criminals – right? Lay out the bait, it is time to turn the tables and deceive! “Deception” is a new cyber security approach, which well-known market researcher Gartner estimates will be used by 10 percent of all companies by 2018. Let’s say this right away: This is going to be a big catch for your cyber security strategy.
The deception approach uses an old but still upright strategy when it comes to cyber criminality: deceiving. Well, not without a reason “Trojans” are called that way – an allusion to the Trojan horse. Of course, hackers don’t infiltrate it-systems with wooden horses (duh), but with phishing emails, man-in-the-middle attacks and many more. The worst part is: it works because the attacks become more professional every day. An expensive experience, the international aviation industry supplier FACC just made: More than 50 Million Euro were stolen trough a man-in-the-middle attack. The regular process: First, you enter the company network, then you keep track of the communication and finally you get in contact claiming to be one of the company partners, customers or employees. That is how the hackers were able to have FACC arrange money transfers to different foreign bank accounts.
But, what if the hackers were getting false information? When you decide, what an invader can see? Under such circumstances, FACC surely would have been able to prevent that attack (and the loss of a lot of money).
Deception: Fighting a Hacker with his own weapons
Lay out the bait – then we are not talking about passive firewalls and antivirus programs anymore. Deception solutions fight hackers actively with their own weapons. Many technologies, like the modern honeynet CyberTrap from SEC Consult, lure cyber criminals into a highly secured, isolated and controllable trap, disguised as a deceptively genuine looking network. This may sound like a traditional honeypot but it’s far more, the deception solution does everything automatically, so no need for cost-intensive manual creation and management of network copies. In addition, it detects and documents every attack instantly, so no loss of valuable time or important information.
So let’s pretend: Our hacker believes, that he successfully infiltrated our company network. He can literally see the treasure right in front of him – so he starts spreading in the network, leaving backdoors. Well, too bad for him it’s just a trap. But now the show can begin (getting a little bit dramatic over here). We can follow every step our hacker’s taking – till he’s tilting because there is no promised treasure to be found. But that’s not our goal, our goal is to keep the attacker in the trap as long as possible by providing him with small bits of non-relevant information. We not only distract him from his actual goal, but also get to know his behaviour, tools, goals and intentions. What are the motives, tools and goals? How did he get into the system? What kind of backdoors did he install? Who are the clients?
Knowing those answers is our big catch, our treasure of valid data for a steady cyber security strategy. Thus, appropriate and sustainable security measurements can be installed to strengthen the network against future attacks. With this, companies set a high security-bar, making efforts of cyber criminals uneconomic. Therefore, deception solutions like CyberTrap are an ideal addition to the scope of a multi-layer-cyber protection.