Without a doubt, many malicious hackers would like to think of themselves as masters of stealth and deception: striding past firewalls and breezing through ports, exposing the inadequacy of corporate security systems and making off with valuable data or wreaking havoc on resources.
However, using a new breed of security tools called deception technology, organizations are positioning themselves to beat hackers at their own game. And with a common goal of turning hackers against themselves, the tools come a variety of different forms. Some of the defining strategies include:
- Fake system resources: Deploying mock servers with no legitimate business use, companies can lure hackers in to “honeypots” where they can observe and counter activities. Since no actual business users are accessing these servers, malicious activity is very easy to catch and report.
- Hacking tool jammers: Some deception programs are designed to overwhelm a hacker’s tools, coercing them to move along. For example, a tool might generate an endless stream of web pages, rendering a black-hat’s web-crawler ineffective.
- Phony controls: Operating much like certain malware programs, some deception tools pose as apps that entice hackers to run them. When they do run them, though, these apps trigger countermeasures.
- Additional strategies: Such as labyrinthine directories and shape-shifting parameters, bait and confuse intruders.
Playing a malicious hacker for a fool is, no doubt, a satisfying prospect for organizations growing frustrated with the proliferation of cyber threats. However, deception technologies also serve a more practical purpose by filling gaps in defense, where firewalls are simply not enough to keep the bad guys out of critical systems. Even a particularly sophisticated hacker who may sniff out a trap is likely to move on to other targets, with less potential to leave them exposed or end up in a fruitless endeavor.
No security tool is a magic bullet to end breaches. However, for their potential to discourage, misdirect and expose hackers, deception technologies should be seen as a welcome addition to any cyber security arsenal. And they are a resource that may tip the scales against intruders within a well-constructed defense.
Lunarline partners with leading innovators in deception technology, and we leverage their tools on behalf of our clients, both in our consultative services and within our managed security services. For more information on these capabilities, and how we can help your organization get the edge on black-hat hackers, visit lunarline.com or contact us today.