What is Deception Technology?
Cybersecurity complexity is at an all-time high, as most organizations have invested in various domains of cyber defense and their corresponding tooling. But despite all the investment and technological advances, attackers are still succeeding in compromising organizations of all sizes and remaining undetected for long periods of time while they extract company secrets, take control of systems and encrypt data for ransom.
Cyber deception is a discipline whose intent is not to take the traditional route of preventing and blocking cyber threats, but instead to modify the perception of the attacker in order to deter, detect and ultimately defuse the threat (pun intended!).
Deception technologies, then, are just packaged cyber deception products which make it easy for security teams to deploy cyber deception capabilities into their own infrastructure. Cyber deception helps security teams fight back against adversaries by creating enticing decoy assets, decoy systems and many other deception techniques within their network that attackers just can’t resist interacting with. These attacker interactions generate high fidelity alerts that the security team can use to detect, analyze and remediate threats as early in the attack chain as possible.
These decoy assets act as bait and provide coverage of the detection blind spots in more traditional security measures like AV, EDR or network security solutions. Threat actors today often rely on obfuscating their attack by using evasion techniques, legitimate system tools and more - but deception technology is a natural antidote against these types of techniques. Furthermore, decoys help draw the adversary's attention away from real assets, making cyber attackers waste their time and effort against decoy systems.
The decoys are highly effective because regular users within your organization don't need to interact with them, so any interactions are automatically suspicious. This helps detect a wide range of attacks, from a malicious insider probing around the network to a sophisticated threat actor attempting to move laterally from a compromised system. The high fidelity of deception technology alerts sets it apart from other solutions and leads to better security outcomes, as less time is wasted chasing down false positives.
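The detection rule described above ("any interaction with a decoy is suspicious") can be shown over connection logs. This is an added example, not Defused's code; the decoy inventory, the log format and the function names are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed decoy inventory: addresses no legitimate user needs to reach.
DECOYS = {"10.20.0.15": "decoy-fileserver", "10.20.0.77": "decoy-db"}

# Constructed connection log, one event per line: timestamp src dst dst_port
SAMPLE_LOG = """\
2024-05-01T09:00:02Z 10.20.1.34 10.20.0.10 443
2024-05-01T09:03:11Z 10.20.1.50 10.20.0.15 445
2024-05-01T09:03:40Z 10.20.1.50 10.20.0.77 5432
2024-05-01T09:04:00Z 10.20.1.34 10.20.0.12 22
malformed line
2024-05-01T09:10:25Z 10.20.3.8 10.20.0.15 445
"""

def parse_line(line):
    """Return (ts, src, dst, port), or None if the line does not parse."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, src, dst, port = parts
    try:
        return ts, str(ipaddress.ip_address(src)), str(ipaddress.ip_address(dst)), int(port)
    except ValueError:
        return None

def decoy_alerts(log_text, decoys):
    """Alert on every source that touched a decoy; widest spread first."""
    by_src = defaultdict(lambda: {"first_seen": None, "decoys": set(), "events": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[2] not in decoys:
            continue  # unparsable, or traffic to a real system
        ts, src, dst, _port = rec
        entry = by_src[src]
        entry["events"] += 1
        entry["decoys"].add(decoys[dst])
        # ISO 8601 UTC timestamps in one format sort correctly as strings.
        if entry["first_seen"] is None or ts < entry["first_seen"]:
            entry["first_seen"] = ts
    alerts = [{"src": s, "first_seen": e["first_seen"], "events": e["events"],
               "decoys": sorted(e["decoys"])} for s, e in by_src.items()]
    # A source probing several decoys suggests scanning or lateral movement.
    return sorted(alerts, key=lambda a: (-len(a["decoys"]), a["first_seen"]))

if __name__ == "__main__":
    for alert in decoy_alerts(SAMPLE_LOG, DECOYS):
        print(alert)
```

No baseline or threshold is needed: the host that only talks to real systems produces no alert, and the source that touched two decoys is ranked first.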
How does Deception Technology Work?
Decoy systems, the deployable part of deception technology, are set alongside existing production systems - and from the attacker's perspective are indistinguishable from real systems. As well as looking just like other systems, they can emulate vulnerabilities that make them a very attractive target for attackers looking to compromise production systems or move laterally in the environment.
In addition to acting as the “canary down the coalmine” for attacks, the traditional threat detection perk, they can also be used to divert attacks away from critical systems, slow attacks down using fake data and provide valuable information about attackers and their techniques. This latter benefit can be used not only to remediate attacks but also to provide intelligence that can inform your patching priorities and security investments. When you add integrations into the mix, deception technology can act as a valuable data source for existing tooling, making it a catalyst of sorts for various other cyber security workflows, not just threat detection-related domains.
In the past, deploying decoy systems has been a resource-intensive activity for security teams, who have struggled to manually deploy, maintain and utilize broader deception technology capabilities. Defused has removed the complexity with a SaaS-based Deception Technology solution that deploys in minutes, scales to meet the needs of any organization and has almost zero learning curve. Defused uses advanced dynamic decoys that remove the need to constantly create new virtual machines, so security teams can spend their time mitigating threats and not deploying decoys. Defused also supports multiple different deception techniques and is not confined to the network security domain. As mentioned, deception technology has the capability to touch almost any cyber security domain, and that is a driving truth in our vision as we develop Defused functionalities further.
Where does Deception Fit in My Security Strategy?
Cyber deception technology touches multiple areas of security, including but not limited to SOC functionalities, vulnerability management, data security, identity, incident response and practically any other area of cyber defense where threat detection & threat intelligence can provide meaningful signals. At their root, deception platforms are a way to source high-quality data from attacks, generate valuable insights, learn attacker techniques, be alerted to malicious activity as early as possible - and even provide a toolset for threat hunting purposes. Where any kind of security measure can be applied, a cyber deception application can usually be built. Cyber threat intelligence doesn’t need to be only externally sourced - a decoy system placed inside your internal environment can provide some very acute and valuable insight into a technique you might not be monitoring for at all, like an insider threat vector!
Cyber deception technology is also part of a defense in depth strategy and doesn’t replace the need for traditional endpoint or network security solutions. Instead, it complements them by providing visibility of when attackers evade traditional detection solutions, along with high-fidelity alerts that reduce dwell time and alert fatigue while providing valuable context on the tactics, techniques and procedures (TTPs) that are being used in your environment.
Every organization can benefit from using deception technologies as part of their security stack to provide post-exploitation detection coverage, unmask hidden threat actors within their network and break attack chains that would otherwise impact the organization. With Defused cyber deception technology you get an easy to deploy, low maintenance and high-fidelity security solution that helps you stay ahead of cyber attacks no matter where they originate.
Ready to try Deception?
Cyber threats are changing in nature, and a big part of a good defensive cyber deception solution is providing what information security professionals need at any given time. The new Defused Starter plan includes access to the Defused VM and a limited set of decoy system templates available in our capabilities store - completely free!
If you are interested in trialing Defused deception technologies and seeing just how easy it is to enhance your visibility into attacks then visit https://console.defusedcyber.com/signup/ - you could be running your own deception platform instance and stopping attacker activity within the next hour!
Visit our other blog articles for more cyber deception research.