7.
"...cyber attacks against national infrastructure and reputation across Europe, information operations that attempt to pervert political process and frustrate the rule of law, and attempted assassinations ... deception and counter-deception" operations would be "critical" in dealing with such threats.
Air Marshal Phil Osborn
Chief of Defence Intelligence
Deception. A Legitimate Extension to Strategy
8.
Honeypots - Not the Same as Deception Platforms
Outside the Network
Low Authenticity
Low Interaction
Inside the Network
Network, Credential
High Authenticity
AD Integration
Low Ownership Cost
Automation
BOTs and Brute Force Attacker
Research
Designed for the Human Attacker
Global Scale
9.
Why Deception? Why Now?
Attackers are circumventing traditional security measures (Firewalls, IDS/IPS, AV, DLP)
Alert volume is overwhelming SOC personnel
Protect legacy to expanding attack surface
A proactive defense counters the attacker’s advantage
10.
Obscuring the Attack Surface and Disrupting Threats
What Deception Does
Target
Exploit
Target
Target
Deception Forces the Attacker to Have to Be Right 100% of the Time.
11.
Efficient, Scalable, In-network Threat Detection that changes the Asymmetry of an Attack
Deception, the Preferred Method for Detection
Primary Use Cases
Compliance, Breach Investigation, M&A Visibility
Incident Response
Credential Theft Attacks
Lateral Movement Threat Detection
Ransomware
Evolving Attack Surface
Prevention Detection
Editor's Notes
Obscures the Attack Surface
Disrupts Attackers
Diverts Attacker’s Attention
Decoy systems to misdirect
Deception credentials and bait