Image Credit: Brian Klug
Every CIO realizes that a key part of their job is to find ways to keep the bad guys out of the company’s networks. To do this we invest a great deal of money and time in setting up fire walls, implementing two-factor verification, and a host of other security features. However, I think that we all have to agree that despite our best efforts there is always the possibility that the bad guys may find a way to get into our networks. If that happens, what can we do? Some CIOs think that they may have found an answer.
Trying To Set A Trap
CIOs at an increasing number of companies are looking at a new and innovative approach to deal with the hackers that are able to break into their computer networks. What they are doing is to luring cybercriminals into thinking they’re getting close to the good stuff that they came looking for – and then they trap them. An example of this kind of operation is technology that can deploy an array of decoys and booby traps throughout a company’s networks. These decoys mimic crucial information, to convince the hackers that they have gotten access to the company’s crown jewels. Once any of the decoys are either accessed or probed in any way, a centralized console alerts the network security team, so they know to start investigating the source of that activity. The goal is for the team to contain the intruder.
This method is known as deception technology and it is starting to gain momentum as cyberattacks become more sophisticated, and the world simultaneously moves to both less-secure work-from-home models and cloud computing. This new method doesn’t attempt to bar intruders from getting in, like firewalls do. Instead, deception technology primes the network by scattering fake information – things like false credentials that can be used to access vital information – throughout a company’s network in order to lure attackers. When the false information gets tampered with, the company is alerted and can choose to either kick out the bad guys or isolate them from the rest of the network to study their methods. The ultimate goal would be to better identify them in the future.
CIOs realize that deception technology is the evolution of another idea called “honey pots”: these are fake servers that mimic a company’s actual server. They sit passively and just wait for an attacker to arrive. The problem with these types of baits is that they allow security teams only to monitor and learn the behavior of bad actors once they attempt to move closer to high-value targets. Studying patterns is useful, especially if that intelligence can be fed into a machine-learning system to adapt to hackers’ tricks; however, it doesn’t capture the attackers. These honey pots can be linked together into a sophisticated network which is called a honeynet to make them even more effective, However, doing so isn’t cheap. A customer could pay up to $1 million in subscription fees alone for such a setup plus you have to hire human monitors which will boost the price substantially.
Enter Deception Technology
Now deception technology has arrived. Unlike the older honey pot technology, it isn’t just designed to study attackers, but it can stop them outright. As soon as a hacker interacts with a decoy that has been set, an alarm is raised, and the cybersecurity team can go into active-defense mode, isolating attackers or ejecting them before they have escaped with any valuable property. Since deception technology operates within the main network and requires very little hardware or infrastructure to implement, the good news for CIOs is that it can be a much more cost-effective solution.
The problem that simplicity brings more risk to a company’s networks. Since deception technology has to live inside the main network, there is always the chance that hackers who are inside could get their hands on the company’s real assets instead of its decoys. The way to deal with this issue is to couple a deception system with more traditional defenses like firewalls, encryption, anti-malware solutions and authentication systems. The goal of solutions like this is to keep attackers out of your networks in the first place.
CIOs need to realize that defenses like deception technology are only one component of a complete security strategy. This new technology is more widespread than many assume, especially in highly regulated industries like banking, insurance and government. CIOs have to realize that attackers are both agile and fast. They have been adapting to the new-normal and are taking advantage of remote workers and new security gaps. When a company’s security analysts can focus on real threats that have been detected through deception technology, they end up wasting less time chasing false alarms. Every CIO realizes that a quicker response means reduced potential loss.
What All Of This Means For You
One of a CIOs most important jobs is to keep the company’s networks secure. This task is made all the more difficult by the number of people who attempt to break into a network and the rapid advance of technology that they can use to do so. Although many defenses may have been put in place to keep the bad guys out, there is always the possibility that they will be able to breech your walls. If they get in, you are going to need to have some additional defenses. deception technology might be just what you are looking for.
Deception technology allows a CIO to set traps for hackers who have broken into their networks. The technology deploys an array of decoys and booby traps throughout a company’s networks which once accessed or probed in any way alerts the network security team. This new technology won’t keep hackers out of your network, but it may provide you with a way to deal with them once they have found their way inside. Honey pot solutions have been deployed to do the same thing, but they are costly and may not provide the same level of security. Deception technology allows CIOs to stop hackers in their tracks. This new technology should be deployed in conjunction with existing security services that are designed to keep the hackers out.
The security threat landscape is constantly changing. CIOs understand this and we are always looking for new ways that we can adapt to new threats. The arrival of deception technology presents us with a formidable new weapon to use in securing our networks. We need to understand what we can do with this tool and what role it can play in our total security plan. Our networks may not be completely secure, but we now have one more tool that we can use to capture the bad guys if they get in.
– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™
Question For You: What action should a security team take if an intruder is detected in the network?
Click here to get automatic updates when The Accidental Successful CIO Blog is updated.P.S.: Free subscriptions to The Accidental Successful CIO Newsletter are now available. Learn what you need to know to do the job. Subscribe now: Click Here!
What We’ll Be Talking About Next Time
CIOs send a great deal of our time trying to secure the company’s networks. We invest in firewalls, two-factor authentication systems, and lots and lots of training for everyone in the company. However, nothing is ever perfect and despite our best efforts, there is still the possibility that hackers are going to be able to successfully gain unauthorized access to our networks. If that happens, CIOs are going to have to make some decisions about how they want to react. Lashing out at our staff whom we blame for allowing the breech to happen is one possibility, but probably not the best idea. What should a CIO do after the worst has happened?