Your questions about deception technology in cybersecurity, answered.
What exactly is deception technology and how can it play a vital part in your cyber defense?
In a recent conversation with Michael Meyer, Chief Risk Officer (CRO) and Chief Security Officer (CSO) at MRS BPO, SecureWorld covered the wide world of deception technology and cybersecurity.
Meyer was presenting as part of the SecureWorld Virtual Conference series. The following is an excerpt of his fireside chat:
1. How do you define deception technology?
"The old word for deception technologies is honeypot. But honeypots became ineffective because people weren't really breaking into firewalls anymore; sending malware based emails was a hell of a lot easier. Deception technologies have changed radically to account for this particular change and attacker tactics, and all the different variances before people would go after networks.
But now there's IoT, there's medical devices, there's all sorts of different types of servers, PCs, all sorts of different computers. The old technology really no longer applies. So we need something now radically new to address all of these very threats that are out there and are currently, we're facing every day."
2. What makes deception technology different than other technologies?
"One of the big challenges in security, and we hear this all the time, that, 'there was some breach and the hackers were there for, you know, what, four months, five months, six months undetected' because these guys were able to come in and work around all the existing tools and technologies and they wrote custom malware. Attackers have gotten really smart. And they're not, you know, really one size fits all. So deception technologies is one of those technologies that lets us level the playing field.
Deception technology allows us to be spies and put spies all over our own network in a way that attackers can't see. We have the opportunity to level the playing field, to put all these different trip wires all over our networks, all throughout different things to see if someone goes through and you catch them."
3. Why is deception technology important for security?
"Devices are proliferating, literally out of control. We see it on our networks. And it's becoming harder everyday to manage it. And let's face it, a lot of the AI solutions out there now, they're not that good. Maybe in the future they will be. So deception technology, again, is our only way to level the playing field against the attackers. It is our secret sauce. It's our spy versus spy."
4. How do you implement deception technology?
"It kind of depends on how complex you want your deception to be. And also how often you want this to change. Some of the newer deception technologies have ones that now kind of morph, and now actually change on their own, which is just amazing to be able to do that. But for a lot of us, we may not need the latest and greatest deception technology. Deploying this technology could be as simple as one PC in a given area. It could be as simple as a program on a given system."
5. What are lessons learned from deception tech in security?
"Like most of us, we have various scans in our network. They go through and we look at different files. We look at different versions of things. We're always looking through our network, we're looking to make sure people didn't leave a file where they shouldn't have where a file contains information that it shouldn't. So we have these different scans.
So we deployed a deception technology, and we forget to change one of our scans. So our scan went through and it hit all of these trip wires across our company.
We saw literally an enormous number of devices, all of a sudden get tripped. And we're like, 'wow, this is either the most amazing software out there, or we made a mistake.' So, please, when you deploy it, make sure you've adjusted your entire environment to compensate."
Join in on the learning and collaboration with your security peers through our series of Virtual Conferences for timely and relevant presentations and interviews.