LIFARS recently interviewed Mike Fabrico, Sales Director for the US East Coast at TrapX Security. In this three-part interview, we discussed deception technology and why this approach to cybersecurity is growing in popularity amongst the largest companies in the world. TrapX Security currently leads the market as it pioneered the idea of deception technology back in 2010. In addition, TrapX has frequently been releasing new reports, case studies and whitepapers about how they repeatedly stop attacks for the largest companies in the world.
Below is part II of this interview series:
LIFARS: “Now that we understand the difference between deception and other detection approaches, what can deception help us understand about cyber attacker activities?”
Mike: “Another great question. Deception technology can help you discover:
- a) Where attackers are hiding in your network;
- b) Which systems they’re interrogating;
- c) What tactics they’re using;
- d) Whether they’re attempting to steal data; and,
- e) Whether they’re attempting to deploy ransomware.
Deception can do all of this without exposing your actual systems and assets.
By deploying fake devices, systems, and assets among your real assets to bait attackers, deception technology shows you which systems attackers and malware are attempting to infiltrate, what lateral spread techniques are being used, and even what an attacker may already know about your network.
Deception also gives you the ability to see how attackers are moving in your network, their primary targets and how they are progressing, exactly, through your infrastructure.
This new information and the anatomy of the attack series provided by deception technology can help you establish or refine your security priorities, including endpoint security, user entity and behavior analytics, and OT/IoT security, and it’s also valuable in helping you justify your current security budget and spend allocations.”
During our interview, Mike mentioned two case studies that document the use of deception technology to capture zero-day malware that had bypassed other security controls.
They are linked below:
LIFARS: “What about highly sophisticated nation state attackers using the most advanced tools and special vulnerabilities? Can deception detect them as well?”
Mike: “Yes indeed, deception technology enables detection of early-breach reconnaissance and lateral movement, regardless of attacker tools used. Even if an attacker does have access to nation-state intelligence agency grade tools, techniques, and procedures, deception technology can still identify them quickly and effectively, minimizing time-to-breach-detection and reducing or eliminating your potential losses when the next attack on your network inevitably occurs. Several case studies document the capture of national threat actors that have bypassed other security controls by use of deception technology.”
Case studies are linked below:
LIFARS: “Ok Mike, you sold us; now let’s talk strategy. How does deception fit into my organization’s overall threat management strategy?”
Mike: “Organizations have begun moving from a prevention-to-detection ratio of 9:1 to a 6:4 ratio advocated by many security thought leaders. A deception infrastructure is the best way to identify attackers’ positions and gain valuable information about their techniques, tactics, and procedures. Both governments and industries must continue to expand and grow their cyberspace security strategy. Deception technology provides expanded visibility to sophisticated cyber attackers once they are active inside of the targeted networks. This expanded visibility strengthens your consolidated threat management strategy and becomes an essential part of your overall cyber strategy.