An information security professional’s job is becoming more like military defense every day. We are charged with battling on multiple fronts, typically without enough resources to do the job well. Yet, our creativity can serve us well in defeating any number of attackers before they steal our goods. Now we have another great example of a company taking military defense techniques to a new level and leveraging deception in their daily process.
Keep in mind, deception of this level is much different from throwing a honeypot on your network and waiting for a low to mid-level hacker to stumble upon it. This is the kind of deception designed to confuse even the most sophisticated bad guys by using one of their best abilities against them.
We’ve discussed in the past (or you may have heard one of my talks on the topic) how the bad guys are so much better at collecting and using information than we are at protecting it. Social media, as an example, fuels this by providing many different information feeds about the most dynamic part of a corporation, its people. I’ve also discussed one of the key findings from an RSA Labs paper marrying game theory and cyber defense whereby if defenders make the game too difficult to play, attackers tend to move on to other targets.
The example in the article is from a company that actively deploys deceit as a defensive tactic to confuse attackers by placing fake information all over the place. The interesting thing about this is that our propensity to virtualize can make this even easier for companies to do. Imagine spinning up or shutting down parts of the infrastructure dynamically that don’t have any real impact to the business itself, but could appear to be real to an outside attacker who may not know all of the inner workings of a target’s IT infrastructure. It’s easier to accomplish than you might think, considering most IT INSIDERS don’t have a holistic view of their own IT infrastructure.
My question to you is, have you considered this as a defense? And if not, WHY not?
Possibly Related Posts:
- Selective Domain Filtering with Postfix and a SPAM Filtering Service
- Preventing Account Takeover, Enable MFA!
- Proofpoint Patches URL Sandbox Bypass Bug
- Improve Outbound Email with SPF, DKIM, and DMARC
- Life after G-Suite/Postini