"It is a capital mistake to theorize before one has data. Insensibly one begins to twist facts to suit theories, instead of theories to suit facts." -Sherlock Holmes
Deception for cybersecurity: On the rise
One of the great fortunes of having worked in the security business for a couple of decades is being able to observe security trends and interestingly, see what was old become new again. There’s a lot of truth to Larry Ellison’s quote that, “the computer industry is the only industry that is more fashion-driven than women's fashion.” Techniques and products for deception in the IT space seem to be one of these interesting trends. It’s not that deception was ever a bad idea, it’s just that it was hard, took a lot of resources and frankly, the tools never really worked all that well for those of us knee-deep in the day-to-day security grind.
Fast forward to the 21st century where the age of client-server computing is behind us and ‘As-A-Service’ products and resources are both ubiquitous and the rule of the day. Marc Andreessen told us back in 2011 that “software is eating the world” and today’s IT infrastructures live and breathe virtualization, cloud computing, and containers: that is, software. Security however, is still struggling to complete the leap to software because there’s a tremendous amount of investment and infrastructure riding on incumbent (and legacy) hardware solutions. So how can software help network defenders shape the cybersecurity battlefield to their greatest advantage? As deception techniques and capabilities come back into vogue, this time, software is going to help make deception one of the critical component’s in the CISO’s toolbox.
Challenges with existing deception technologies
While deception technologies have always held the promise of changing the dynamics of engaging with cyber attackers, unfortunately, most security professionals’ response is some version of, “Been there, done that, costs too much, and there’s too much overhead.” From an historical perspective, they would be right. For as long as cyber deception solutions have been around, they’ve taken a huge amount of effort in IT management and security personnel resources to realize any significant value. If the new world of software-defined everything can achieve so much across so many fields, what can it do for cyber deception? Can it deliver on the battlefield-shaping promise so many security teams need? I believe it can.
One of the rightfully pessimistic things often heard about deception strategies is that, “it’s not on my top 10 list of things to do.” That’s not surprising when the average security organization is using over 70 different products and services. The thought of adding ONE MORE THING seems insane. But, what if you could eliminate several tools or services by adding that one thing? That obviously changes the equation in a positive fashion. Cyber deception technologies have the capacity to change the product mix by allowing security teams to take a more proactive stance against attackers through the use of cyber deception as a component of an overall defense-in-depth strategy. Deployed appropriately, deception can provide earlier discovery of compromises, increased detection accuracy, and more relevant and actionable threat intelligence.
Learn more on how “Deception Levels the Playing Field” against attackers in our whitepaper.
Introducing vArmour DSS Deception
Today, vArmour announces our entry into the deception space with vArmour DSS Deception. What makes this announcement so exciting is that this is the first time a cyber deception technology has been built upon the foundation of a distributed security system - built for the world of software. It leverages the latest virtualization and networking technologies to give CISOs and security professionals the battlefield-shaping capabilities they’ve long been hoping for.
With automated deployment in minutes, integrated alerting and security analytics, and tightly secured deception points to keep the deceptions from being compromised by attackers - this is how you build security architectures in the age of software. The most impressive feat however is that with vArmour DSS Deception, you’re able to take a single deception point, map it to unused IP ranges in your data center, and create the appearance of thousands or even millions of attackable hosts – all without the use of agents or networks of honeypots.
vArmour DSS Deception is pretty impressive on its own, but combine it with the flagship vArmour DSS Segmentation and the full picture starts coming together. With vArmour DSS Segmentation, security teams can tighten their security policies down around each individual workload using a Layer 7 policy engine - dramatically reducing the attack surfaces exposed in their data centers. By adding vArmour DSS Deception, you can simultaneously expand the attack surfaces seen by attackers as well as diverting them away from the organization’s crown jewels. This is what shaping the cybersecurity battlefield looks like in the age of software.
The pace of technology only increases and attackers certainly aren’t going anywhere, but as we move forward into the security challenges of tomorrow, we can now, finally, begin to engage with attackers on our own terms and really start to see the benefits of home field advantage.
Sun Tzu said, “In the midst of chaos, there is also opportunity.” Deception is opportunity.