All War is Deception

Deception is the best offense against cyber crime.

In Sun Tzu’s inimitable Art of War, he observes,

“All warfare is based on deception. Hence, when we are able to attack, we must seem unable; when using our forces, we must appear inactive.”

It seems improbable, but Sun Tzu could not have been more prescient about the nature of warfare and, by extension, the war on cyber crime. At no time in recent history has the need to go on the offense to protect vital corporate assets been more urgent. And the best offense, it appears, is deception.

Deception technology is not a new area in the war against cyber crime. More than a decade ago, many IT security teams relied on what were euphemistically called ‘honeypots’ to lure would-be hackers into a trap, away from corporate networks.

Honeypots never gained significant traction because they were simple network emulation tools and as such, not very authentic. It wasn’t difficult for a motivated hacker to detect and avoid them.

In many ways, honeypots are not dissimilar to modern deception technology. Both are designed to act as decoys to lure hackers through misdirection, delays and ambiguity. But the similarities end there.

Modern deception technology seeks out attacker engagement through high-interaction, authentic decoys, and is designed for the attacker who anticipates them.

Deception technology identifies attackers by the simple fact that they fall for the deception: for example, by trying to interact with a fake web server that no one with a legitimate business purpose uses.

How deception works

Deception is a form of active defence but is not aggressive in posture. It involves engaging the attackers instead of simply trying to block or get rid of them.

Effective deception forces the attacker to alter their behaviour. There is no reward in pursuing the attack against the victim if the cyber criminal has to expend significant energy and resources with nothing to show for it. The deception makes life harder and less profitable for the attacker, and makes the attack easier for the enterprise to detect and contain.

In essence, deception technology seeks to understand the attackers’ motivation and exploit their vulnerabilities in three ways:

1. Setting the trap

Fake host and system information is deliberately disseminated to bait attackers. The information is sufficiently attractive to lure these criminals to a decoy server (trap) away from the legitimate network assets and production systems.

2. Taking the bait

Since only the attacker has the fake information, it serves as a high-fidelity marker of his movements and activities on the decoy server.

3. Capturing the attackers

Once inside the decoy, the attacker is ‘captured’. Security analysts can analyse which systems or hosts were potentially compromised, along with vulnerabilities, external command-and-control servers, and other red-flagged network components.
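
The three steps above, sketched as an added example (not code from the original article or from any vendor): any contact with bait marks the source, and that source's other activity is then pulled for analysis. The decoy addresses, the bait account name and the log layout are all constructed assumptions.

```python
import re
from collections import defaultdict

# Step 1 (trap): constructed decoy inventory. These exist only as bait,
# so no legitimate user or service should ever reference them.
DECOY_HOSTS = {"10.0.9.50", "10.0.9.51"}
DECOY_ACCOUNTS = {"svc_backup_adm"}

# Constructed sample events in a made-up format: time src dst user action
SAMPLE_LOG = """\
2025-03-01T09:00:02Z src=10.0.1.15 dst=10.0.2.20 user=alice action=login_ok
2025-03-01T09:04:10Z src=10.0.1.77 dst=10.0.2.20 user=bob action=login_ok
2025-03-01T09:05:41Z src=10.0.1.77 dst=10.0.9.50 user=bob action=http_get
2025-03-01T09:06:03Z src=10.0.1.77 dst=10.0.2.31 user=svc_backup_adm action=login_fail
2025-03-01T09:07:30Z src=10.0.1.77 dst=10.0.2.40 user=bob action=smb_list
2025-03-01T09:08:00Z src=10.0.1.15 dst=10.0.2.21 user=alice action=login_ok
malformed line that should be skipped
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) user=(\S+) action=(\S+)$")

def parse(log_text):
    """Yield one dict per well-formed line; silently skip anything else."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield dict(zip(("time", "src", "dst", "user", "action"), m.groups()))

def triage(log_text):
    """Return {source: {first_hit, decoys, real_hosts}} for sources that touched bait."""
    events = list(parse(log_text))
    report = defaultdict(lambda: {"first_hit": None, "decoys": set(), "real_hosts": set()})
    # Step 2 (bait taken): a decoy host or decoy account in an event flags its source.
    for e in events:
        hits = ({e["dst"]} & DECOY_HOSTS) | ({e["user"]} & DECOY_ACCOUNTS)
        if hits:
            r = report[e["src"]]
            # ISO-8601 UTC timestamps sort correctly as strings.
            r["first_hit"] = min(filter(None, [r["first_hit"], e["time"]]))
            r["decoys"] |= hits
    # Step 3 (capture): list production hosts each flagged source also contacted,
    # including activity before the first decoy hit.
    for e in events:
        if e["src"] in report and e["dst"] not in DECOY_HOSTS:
            report[e["src"]]["real_hosts"].add(e["dst"])
    return dict(report)
```

Because the bait has no legitimate users, no allow-list or threshold is needed: a single matching event is enough to raise the alert and scope the follow-up review.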

Continuous threat detection

According to Gartner analyst Peter Firstbrook, deception technologies are “the most advanced approach for detecting threats within a network”, and they are one of Gartner’s Top Technology Security Trends in 2017.

With security breaches becoming more brazen and aggressive, conventional prevention-based security solutions are no longer seen as a reliable bulwark against today’s cyber threats.

New deception technologies offer IT security personnel a powerful, automated weapon to detect network intrusions - all without requiring additional IT staff to manage the solution.

By adding deception to endpoints and decoys with high interaction traps, engagement servers, and luring techniques, organisations gain accurate detection of initial reconnaissance and harvesting of credentials, along with the offensive advantage to reveal attacks early.

For example, modern deception-based threat detection solutions, such as those from Attivo, are so powerful that they can turn user networks, data centres, cloud and remote offices into traps. Even specialty environments such as IoT, ICS-SCADA, point-of-sale, telecom, and network infrastructure systems can serve to confuse, misdirect, and reveal the presence of attackers.

Deception adds a powerful, pre-emptive, defensive solution against advanced attacks without the need to launch a counterattack. Organisations that already use, or are looking to use, advanced security technologies such as endpoint or next-generation firewall solutions should incorporate deception into their strategy for an extra layer of automated protection.

As Sun Tzu notes, “The supreme art of war is to subdue the enemy without fighting.”
