
Deception Techniques and Honeypots


Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.

Deception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.

Traps (decoys) that use emulations can also imitate medical devices, automated teller machines (ATMs), retail point-of-sale systems, switches, routers and much more. Lures are generally real information technology resources (files of various kinds) that are placed on actual IT assets.

Upon penetrating the network, attackers seek to establish a backdoor and then use it to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately "look at" one of the traps (decoys). Interacting with one of these decoys triggers an alert. Because legitimate users have no reason to touch a decoy, these alerts have a very high probability of being genuine and almost always coincide with an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider the decoy a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and delivers the resulting reports to security operations personnel through automation. Deception technology may also identify, through indicators of compromise (IOCs), suspect endpoints that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect endpoint, which is then automatically isolated. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.

Internet of things (IoT) devices are not usually scanned by legacy defense-in-depth cyber defenses and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.

Integrated turnkey devices that run embedded operating systems, but do not allow those operating systems to be scanned or closely protected by embedded endpoint or intrusion detection software, are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications worldwide. Deception technology has been associated with the discovery of Zombie Zero, an attack vector in which deception technology identified an attacker using malware embedded in barcode readers that were manufactured overseas.

Medical devices are particularly vulnerable to cyber attacks within healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using them for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks using these devices can be protected by deception technology. This attack vector, called medical device hijack or MEDJACK, is estimated to have penetrated many hospitals worldwide.

Specialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense team.

The most popular products in the category Deception Techniques and Honeypots

  • TrapX DeceptionGrid platform
  • TrapX DeceptionGrid platform from SOFTPROM
  • Attivo Networks ThreatDefend Platform™
  • CyberTrap
  • Cymmetria’s MazeRunner
  • Xello Deception
  • GuardiCore Centra Security Platform
  • Illusive Networks Deception Platform
  • Acalvio Shadowplex
  • Fidelis Elevate
  • IllusionBlack
  • Ridgeback Interactive Deception

Comparison of products in the category Deception Techniques and Honeypots

Characteristics compared

  • Deception Tokens (fake OS platforms)
  • Web App integration
  • C&C detection
  • Detecting attacks in stages
  • Detection of MITM
  • Emulated traps
  • Industry-specific lures
  • NAC integration
  • Full OS traps
  • SIEM integration
  • Endpoint integration
  • EDR
  • Orchestration
  • Active Directory
  • Built-in correlation
  • Built-in ticketing
  • Sandbox integration
  • Database
  • Shared resource
  • Firewall
  • IDS
  • IPS
  • POS
  • ATM
  • SCADA
  • IoT
  • Clouds
  • Using client images
  • Open API for integration
  • Botnet detection
  • Automatic code analysis
  • Custom trap builder
  • REST API
  • Built-in reporting

Per-product cell values of the comparison table (the product-to-value mapping did not survive extraction; only the value sets are recoverable):

  • Deception Tokens (fake OS platforms): Windows, Linux, Mac, iOS, or N/A
  • Detecting attacks in stages: Active reconnaissance, Lateral movement, Exfiltration
  • Clouds: AWS, Azure, GCP, OpenStack, SaaS available, Yes, or N/A

F.A.Q. about Deception Techniques and Honeypots

Why Use Deception Technology?

Early Post-Breach Detection

No security solution can stop all attacks from occurring on a network, but deception technology helps by giving attackers a false sense of security, making them believe they have gained a foothold in your network. From there you can monitor and record their behavior, secure in the knowledge that they can do no damage through your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network against attack.

Reduced False Positives and Risk

Dead ends, false positives and alert fatigue can all hamper security efforts and drain resources, if the alerts are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could be a legitimate threat. Deception technology reduces the noise, producing fewer false positives and high-fidelity alerts packed with useful data.

Deception technology is also low risk, as it poses no risk to data and has no impact on resources or operations. When an attacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells administrators they need to take action.

Scale and Automate at Will

While the threat to corporate networks and data grows daily, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention, while the design of the technology allows it to be scaled easily as the organization and the threat level grow.

From Legacy to IoT

Deception technology can be used to provide breadcrumbs (lures) for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.