In a Q&A in Tech Republic, senior systems administrator and freelance technical writer Scott Matteson walks through the role of deception technologies in cybersecurity defenses with Tushar Kothari, CEO of Attivo Networks.
Intended as a supplement for existing cybersecurity strategies, the deployment of deception technologies “tricks threat actors into revealing their presence with authentic, high-interaction decoys that blend seamlessly into the production environment,” Kothari told Tech Republic. “As soon as an attacker attempts to scan the network, steal credentials, or move laterally, the deception platform raises a high-fidelity alert, reducing dwell times. From there, defenders can remediate or safely let the attack play out and collect company-specific threat intelligence to strengthen their defenses.”
This open set of options generates much of the value in deception technologies, as it helps reduce the number of people needed to actively respond, reserving resources for more critical actions, while also providing more details on the attacker’s techniques and technologies. In comparison, for the majority of attacks where deception technologies aren’t deployed, Kothari notes “Conversely, even when defenders successfully disrupt attacks, they often gather little useful data to remediate the attack fully and protect themselves should the attacker return. This lack of adversary intelligence makes it very difficult (if not impossible) to verify that defenders have removed the attacker’s foothold within the network or prepare for subsequent attacks.”
