All War is Deception

In Sun Tzu’s inimitable Art of War, he observes,

“All warfare is based on deception. Hence, when we are able to attack, we must seem unable; when using our forces, we must appear inactive.”

It seems improbable but Sun Tzu could not have been more prescient about the nature of warfare, and contextually, the war on cyber crime. At no time in recent history has the need to go on the offense to protect vital corporate assets been more urgent. And the best offense, it appears, is deception.

Deception technology is not a new area in the war against cyber crime. More than a decade ago, many IT security teams relied on what was euphemistically called ‘honeypots’ to deceive would-be hackers into a trap, away from corporate networks.

Honeypots never gained significant traction because they were simple network emulation tools and as such, not very authentic. It wasn’t difficult for a motivated hacker to detect and avoid them.

In many ways, honeypots are not dissimilar to modern deception technology. Both are designed to act as decoys to lure hackers through misdirection, delays and ambiguity. But the similarities end there.

Modern deception technology seeks out attacker engagement with high interaction and authenticity, and is designed for the anticipating attacker.

Deception technology identifies an attacker when they exhibit the behaviour of simply falling for said deception. For example, trying to interact with a fake web server that no one with a legitimate business purpose is using.

Deception is a form of active defence but is not aggressive in posture. It involves engaging the attackers instead of simply trying to block or get rid of them.

Effective deception forces the attacker to alter their behaviour. There is no reward pursuing the attack against the victim if the cyber criminal has to expend significant energy and resources with nothing to show for it. The deception makes life harder and less profitable for the attacker but easier for the enterprise to detect and contain.

In essence, deception technology seeks to understand the attackers’ motivation and exploit their vulnerabilities in three ways:

1. Setting the trap

Fake host and system information is deliberately disseminated to bait attackers. The information is sufficiently attractive to lure these criminals to a decoy server (trap) away from the legitimate network assets and production systems.

2. Taking the bait

Since only the attacker has the fake information, it serves as a high-fidelity marker of his movements and activities on the decoy server.

3. Capturing the attackers

Once inside the decoy, the attacker is now ‘captured’. Security analysts can analyse what systems or hosts were potentially compromised, vulnerabilities, external command and control servers, and other red flagged network components.

According to Gartner analyst Peter Firstbrook, deception technologies are “the most advanced approach for detecting threats within a network”, and one of its Top Technology Security Trends in 2017.

With security breaches becoming more brazen and aggressive, conventional prevention-based security solutions are no longer seen as a reliable bulwark against today’s cyber threats.

New deception technologies offer IT security personnel a powerful, automated weapon to detect network intrusions - all without requiring additional IT staff to manage the solution.

By adding deception to endpoints and decoys with high interaction traps, engagement servers, and luring techniques, organisations gain accurate detection of initial reconnaissance and harvesting of credentials, along with the offensive advantage to reveal attacks early.

For example, modern deception-based threat detection such as those from Attivo, are so powerful they can turn user networks, data centres, cloud, remote offices into traps. Even specialty environments such as IoT, ICS-SCADA, point-of-sale, telecom, and network infrastructure systems can serve to confuse, misdirect, and reveal the presence of attackers.

Deceptions add a powerful, pre-emptive, defensive solution against advanced attacks without the need to launch a counterattack. Organisations who are already or looking to using advanced security technologies such as endpoint or next-generation firewall solutions should incorporate deception into its strategy for an extra layer of automated protection.

As Sun Tzu notes, “The supreme art of war is to subdue the enemy without fighting.”

Speak to a Singtel security advisor today.