September 2, 2015 By Jaikumar Vijayan 3 min read

Emerging deception tools and techniques, such as next-generation honeypots and decoy systems, could have a game-changing impact on enterprise security strategies. That’s according to a new Gartner report titled “Emerging Technology Analysis: Deception Techniques and Technologies Create Security Technology Business Opportunities,” which examined the potential for organizations to use deception as a strategy for thwarting attackers and making it costlier for them to engage in threat campaigns.

Next-Generation Tools

According to Gartner, a new generation of distributed decoy technologies that employ deception as a way to misdirect intruders and disrupt their activities at multiple points along the attack chain are becoming available.

Enterprises should consider implementing such deception as an automated response capability because it represents a sea change in the future of enterprise security, wrote Lawrence Pingree, Gartner analyst and author of the report.

Ideally, the goal should be to implement a capability so that when an intrusion is detected, the threat actors and compromised systems are automatically isolated into a “network deception zone,” Pingree said in the report. They should be “provided with what is equivalent to a hall of mirrors, in which everything looks real, and everything looks fake,” he wrote.

Delay and Deflect

The effort should be to delay attackers and force them to spend more time and effort figuring out what is real and whether to proceed with an attack. Several existing security tools offer deception capabilities or can be relatively easily tweaked to provide a disruptive deception capability, Pingree said in the report.

Examples of specialized distributed decoy tools include those from vendors like Attivo Networks, TrapX, Cymmetria and GuardiCore. Tools from these vendors specialize in deceiving attackers into seeing things that are not there on the network or luring them into believing they have accomplished a task when they have not. Some tools, for instance, create fake systems and network components that look and act exactly like real assets.

Existing Tools for Enterprise Security

Deception can be implemented with existing tools, as well. For example, firewalls with blacklists, intrusion prevention, URL filtering and similar capabilities can be set to transport connections from known malicious hosts to network emulation services or to deception decoy services within the enterprise network.

Standalone intrusion prevention appliances from vendors like IBM, Cisco, HP and Intel can similarly be leveraged to implement deceptive measures at the network protocol layer. Even basic measures like TCP tarpits — where a device responds appropriately to a TCP handshake request but never opens a connection — continue to be an effective response to mass TCP port scans.
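A minimal TCP tarpit of the kind described above, added here as an example (it is not code from the Gartner report or from any vendor named in the article). It assumes a listener on loopback, and `Tarpit` and `probe` are names chosen for this illustration: the kernel answers the scanner's handshake, the service accepts the socket and then never replies, so every port the scanner touches costs it a held socket and a full timeout.

```python
import socket
import threading
import time


class Tarpit:
    # Accepts TCP connections and holds them open without ever replying.
    def __init__(self, host="127.0.0.1", port=0, hold_seconds=30.0):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))           # port 0: the OS picks a free port
        self.sock.listen(128)
        self.port = self.sock.getsockname()[1]
        self.hold_seconds = hold_seconds
        self.held = []                         # (peer address, time accepted)
        self._stop = threading.Event()

    def _hold(self, conn, peer):
        # The kernel already finished the handshake; we sit on the socket and send
        # nothing. A tiny receive buffer makes the peer's own sends stall as well.
        conn.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 1)
        self.held.append((peer, time.monotonic()))
        self._stop.wait(self.hold_seconds)
        conn.close()

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, peer = self.sock.accept()
            except OSError:                    # listener closed by stop()
                break
            threading.Thread(target=self._hold, args=(conn, peer), daemon=True).start()

    def start(self):
        threading.Thread(target=self._serve, daemon=True).start()
        return self

    def stop(self):
        self._stop.set()
        self.sock.close()


def probe(port, timeout=0.5):
    # What a port scanner sees: the connect succeeds, then no banner ever arrives.
    s = socket.create_connection(("127.0.0.1", port), timeout=timeout)
    started = time.monotonic()
    try:
        data = s.recv(64)                      # blocks until the scanner gives up
    except socket.timeout:
        data = b""
    finally:
        s.close()
    return {"connected": True, "bytes": len(data), "waited": time.monotonic() - started}
```

A real deployment would hand connections from known-bad sources to this listener at the firewall, as the paragraph above describes, rather than exposing it directly.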

Similarly, endpoint protection and endpoint detection and response tools can be leveraged to implement deception at the malware host layer, Pingree said. For example, an unknown binary could be deceived into believing it is operating within a virtual environment, or it could be forced to go dormant by emulating processes that look like several versions of antivirus are running on the host.

Attack Chain

Deception technologies and techniques can be deployed along the entire attack chain, Pingree said. During the reconnaissance stage when an attacker might be scouting the network, deception can be used to provide the attacker with false information on the topography and the assets on the network.

Similarly, during the weaponization stage, when an attacker is figuring out what tools to use in an attack, deception can be used to delay the attacker’s tool selection process, the report noted. Suspicious software could be forced to run for longer periods of time in a sandbox environment, or false information pertaining to the operating system and application could be fed to it. Deceptions can similarly be employed at the malware delivery, installation and exploit stages.

By 2018, expect to see 10 percent of all enterprises use such techniques, the report predicted. Factors that could inhibit adoption include fear of false alerts and deception believability. But should vendors continue to develop these tools and organizations evolve their security strategies, enterprise security can be in a better position to protect against attacks.
