September 2, 2015 By Jaikumar Vijayan 3 min read

Emerging deception tools and techniques, such as next-generation honeypots and decoy systems, could have a game-changing impact on enterprise security strategies. That’s according to a new Gartner report titled “Emerging Technology Analysis: Deception Techniques and Technologies Create Security Technology Business Opportunities,” which examined the potential for organizations to use deception as a strategy for thwarting attackers and making it costlier for them to engage in threat campaigns.

Next-Generation Tools

According to Gartner, a new generation of distributed decoy technologies that employ deception as a way to misdirect intruders and disrupt their activities at multiple points along the attack chain are becoming available.

Enterprises should consider implementing such deception as an automated response capability because it represents a sea change in the future of enterprise security, wrote Lawrence Pingree, Gartner analyst and author of the report.

Ideally, the goal should be to implement a capability so that when an intrusion is detected, the threat actors and compromised systems are automatically isolated into a “network deception zone,” Pingree said in the report. They should be “provided with what is equivalent to a hall of mirrors, in which everything looks real, and everything looks fake,” he wrote.

Delay and Deflect

The effort should be to delay attackers and force them to spend more time and effort figuring out what is real and whether to proceed with an attack. Several existing security tools offer deception capabilities or can be relatively easily tweaked to provide a disruptive deception capability, Pingree said in the report.

Examples of specialized distributed decoy tools include those from vendors like Attivo Networks, TrapX, Cymmetria and GuardiCore. Tools from these vendors specialize in deceiving attackers into seeing things that are not there on the network or luring them into believing they have accomplished a task when they have not. Some tools, for instance, create fake systems and network components that look and act exactly like real assets.

Existing Tools for Enterprise Security

Deception can be implemented with existing tools, as well. For example, firewalls with blacklists, intrusion prevention, URL filtering and similar capabilities can be set to transport connections from known malicious hosts to network emulation services or to deception decoy services within the enterprise network.

Standalone intrusion prevention appliances from vendors like IBM, Cisco, HP and Intel can similarly be leveraged to implement deceptive measures at the network protocol layer. Even basic measures like TCP tarpits — where a device responds appropriately to a TCP handshake request but never opens a connection — continues to be an effective response to mass TCP port scans.

Similarly, endpoint protection and endpoint detection and response tools can be leveraged to implement deception at the malware host layer, Pingree said. For example, an unknown binary could be deceived into believing it is operating within a virtual environment, or it could be forced to go dormant by emulating processes that look like several versions of antivirus are running on the host.

Attack Chain

Deception technologies and techniques can be deployed along the entire attack chain, Pingree said. During the reconnaissance stage when an attacker might be scouting the network, deception can be used to provide the attacker with false information on the topography and the assets on the network.

Similarly, during the weaponization stage, when an attacker is figuring out what tools to use in an attack, deception can be used to delay the attacker’s tool selection process, the report noted. Suspicious software could be forced to run for longer periods of time in a sandbox environment, or false information pertaining to the operating system and application could be fed to it. Deceptions can similarly be employed at the malware delivery, installation and exploit stages.

By 2018, expect to see 10 percent of all enterprises use such techniques, the report predicted. Factors that could inhibit adoption include fear of false alerts and deception believability. But should vendors continue to develop these tools and organizations evolve their security strategies, enterprise security can be in a better position to protect against attacks.

More from

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today