Sizing Up Today's Deception Technology episode artwork

EPISODE · Jan 20, 2020

Sizing Up Today's Deception Technology

from Info Risk Today Podcast · host InfoRiskToday.com

Deception technology is evolving as a powerful asset in the cybersecurity arsenal, providing significant advantages in being able to monitor an attacker's behavior, says Joseph Krull, senior analyst at Aite Group.

Episode metadata supplied by the publisher feed · Published Jan 20, 2020

Deception technology is evolving as a powerful asset in the cybersecurity arsenal, providing significant advantages in being able to monitor an attacker's behavior, says Joseph Krull, senior analyst at Aite Group.

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

Sizing Up Today's Deception Technology

0:00 0:00
of MATCHES

TRANSCRIPT · AUTO-GENERATED

Hello, this is Nick Holland with Information Security Media Group, and today we're going to be talking about deception tech with Joseph Kroll, who is a Senior Analyst at IT Group. Joseph, thanks for joining me today. So, lots going on, obviously, in deception tech at this point in time, but it's not a new technology in a lot of ways. So, what I want you to, I mean, just frame for the first part of our discussion is, basically, what is it and where does it fit into the broader arsenal of tools that's available for today's organizations when it comes to countering cyber attacks?

So, I first was exposed to deception technologies in 2016, and I was extremely positive about the concepts, the technologies, and the capabilities of deception tech. But what I found were two things that I think inhibited its ability to have an impact on our industry. The first, it was very, very difficult to explain. There were a lot of things about the technology and about the ability to provide this type of embedded deception in the existing corporate networks.

And the second challenge is that the deployment model was not as easy as it could be. I think a lot of folks that understood traditional cybersecurity just could not get their head wrapped around, how do I deploy assets which really are not assets? You know, how do I put documents? How do I put credentials?

And how do I put network assets like endpoints or servers that are emulating real things? And I think it was that they suffered from the inability to properly explain that to the target buyer who had a very traditional outlook about how cyber defense technology should be deployed. Obviously, if they're deployed correctly, they offer some incredible capabilities. And the fact that when you know an attacker gets into the network and they go after one of these deceptive assets or they take a document that is put there specifically for stealing, you know immediately that you've got someone in the network that shouldn't be there.

And then you can start to sandbox them. And most interestingly, you can watch their whole attack scenario without having to shut it down like you would with a traditional defensive technology. But again, I was really, really excited when I first saw it, but then it really just didn't catch on because of the complexities of trying to explain it and sell it. Okay, very good.

So, I mean, it has been around for a while as a concept going back to the days of honeypots and things like that, which were probably pretty straightforward. So, I mean, what technologies are at the forefront today of the evolution of deception tech? What's state-of-the-art as far as you're concerned, Joseph? Sure.

So one of the things you have to do with deceptive technologies, you have to keep them relevant and fresh because the attackers are starting to be able to understand when an organization has deceptive technologies deployed. They look for different activities or signatures, or they look for different behaviors, and they can say, aha. And in some cases, they can actually identify which vendor has provided those deceptive technologies. So today what you have to be able to do is rapidly deploy them across multiple environments.

So I mentioned, you know, documents which are placed there which are bogus that are enticing to an attacker. It could be an endpoint or a server that you're putting there, or it could be just lots of different stuff on the network which would be enticing. One of those things being an active directory instance, which is kind of like the jewel in the crown. When I pivot and I try to escalate my privileges, I want to go after AD.

But the problem today is keeping those things fresh creates a maintenance overhead for the organization that wants to deploy the set of technologies. So what they're trying to do is make these things more dynamic to use technologies that will change the nature of what's deployed on the network. And then it won't be, oh, okay, I see that. I know they're trying to trick me, and I'm going to evade that by doing something else.

They can do this using AI. And, of course, the whole AI in security is a bit of a hype, but this may be one area where AI can give a second or third life to deceptive technologies. More importantly, it could be by using dynamic deployments of having different types of agents or different types of deceptions that are deployed with very little user or administrator overhead. So they're doing these things dynamically on the fly.

So, and then just a final question here, Joseph. I mean, clearly, there's a lot of changes going on, not just in the cybersecurity industry, but in all industries. We talk about, obviously, digital transformation. But we really are on the cusp of some significant changes with things like 5G coming into effect, certainly the degree to which today's organizations are cloud or cloud hybrid.

And then, you know, clearly, there's a significant reliance on third parties for those cloud-based assets, and, in fact, fourth parties, as we have, you know, the third parties, the third parties, and so on. So how is that likely to change the deception tech landscape? In my opinion, it will have limited impact. Deception technologies are really great when you have your own network that you manage and you have your own team.

And let me explain. Deception technologies are really good if you're running a threat hunting team or you have the capability to react to the alerts. If you get the alerts and you're pushing them into your SIEM or you see that someone's hitting something that's a deceptive endpoint, you have to be able to react to that. And if you don't have the skills and you don't have the capabilities, I'm not sure that your, you know, second-tier managed security services provider is going to have that ability to react to that quick enough to allow you to contain that potential breach before they pivot elsewhere.

With regards to cloud, again, there are probably other monitoring technologies that can provide equal to or greater. But deception is just one tool in the toolbox. And I think it's really great for organizations that have already a mature and sustainable and repeatable process to their cybersecurity defenses. It's probably less important for those that have outsourced the teams or just don't have the capabilities to get the full use and the power of what they're buying.

Well, thank you, Joseph. That is Joseph Kroll, who is a Senior Analyst of cybersecurity at IT Group and for Information Security Media Group. I'm Nick Holland.

That Hoarder: Overcome Compulsive Hoarding That Hoarder Hoarding disorder is stigmatised and people who hoard feel vast amounts of shame. This podcast began life as an audio diary, an anonymous outlet for somebody with this weird condition. That Hoarder speaks about her experiences living with compulsive hoarding, she interviews therapists, academics, researchers, children of hoarders, professional organisers and influencers, and she shares insight and tips for others with the problem. Listened to by people who hoard as well as those who love them and those who work with them, Overcome Compulsive Hoarding with That Hoarder aims to shatter the stigma, share the truth and speak openly and honestly to improve lives. The Small Business Startup School – Business Notes | Financial Literacy | Retail Psychology – For Professionals & Entrepreneurs The Small Business Startup School Inc. Starting or buying a small business? While personal circumstances may vary, business patterns remain timeless. On The Small Business Startup School, we explore strategies, insights, and practical solutions to help entrepreneurs confidently navigate their journey.Hosted by Ola Williams—a retail entrepreneur, fintech founder, and financial coach with over two decades of experience—this podcast marries financial awareness and retail psychology with optimism to deliver actionable takeaways.Join us to learn, grow, and connect as we uncover the keys to business success.Let’s continue to learn together and be encouraged to keep on connecting! DIOSA. Carolina Sanper This podcast is a sacred space created by Carolina Sanper where you connect with your inner wisdom and embody your magnetic feminine power.It is the realization that the mystical realm is where you plant the seeds of your desired reality.It is a portal to your true essence: awareness, presence, and receiving with ease. Welcome home, DIOSA. 🖤 XXX Tech by SOVRYN Dr. Brian Sovryn The crossroads between technology, sensuality, and metaphysics - and the longest running anarchist podcast in the world! Brought to you by Dr. Brian Sovryn.

Frequently Asked Questions

How long is this episode of Info Risk Today Podcast?

Episode duration information is not available.

When was this Info Risk Today Podcast episode published?

This episode was published on January 20, 2020.

What is this episode about?

Deception technology is evolving as a powerful asset in the cybersecurity arsenal, providing significant advantages in being able to monitor an attacker's behavior, says Joseph Krull, senior analyst at Aite Group.

Can I download this Info Risk Today Podcast episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!