Deception: Deceiving the Attackers Step by Step

Similar documents
Checklist for Evaluating Deception Platforms

WHITEPAPER ATTIVO NETWORKS DECEPTION TECHNOLOGY FOR MERGERS AND ACQUISITIONS

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Building Resilience in a Digital Enterprise

OUTSMART ADVANCED CYBER ATTACKS WITH AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER

SOLUTION BRIEF RSA NETWITNESS NETWORK VISIBILITY-DRIVEN THREAT DEFENSE

ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS

RSA NetWitness Suite Respond in Minutes, Not Months

Prescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC

THE ACCENTURE CYBER DEFENSE SOLUTION

A Risk Management Platform

CloudSOC and Security.cloud for Microsoft Office 365

BUILDING AND MAINTAINING SOC

ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK

McAfee Endpoint Threat Defense and Response Family

NEXT GENERATION SECURITY OPERATIONS CENTER

Managed Endpoint Defense

Introduction to Threat Deception for Modern Cyber Warfare

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Symantec Ransomware Protection

FOR FINANCIAL SERVICES ORGANIZATIONS

The Art and Science of Deception Empowering Response Actions and Threat Intelligence

PROTECTION FOR WORKSTATIONS, SERVERS, AND TERMINAL DEVICES ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

The McGill University Health Centre (MUHC)

ForeScout ControlFabric TM Architecture

The Evolution of : Continuous Advanced Threat Protection

How Deception Technology Helps HIPAA Compliance

Trends and Challenges We now live in a data-driven economy A recent Gartner report discussing NetOps 2.0 stated, NetOps teams must embrace practices a

RiskSense Attack Surface Validation for IoT Systems

IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions

Popular SIEM vs aisiem

WHITEPAPER DECEPTION TO ENHANCE ENDPOINT DETECTION AND RESPONSE

Managed Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts

Symantec & Blue Coat Technical Update Webinar 29. Juni 2017

Cybersecurity Roadmap: Global Healthcare Security Architecture

RSA INCIDENT RESPONSE SERVICES

McAfee Advanced Threat Defense

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Automated Threat Management - in Real Time. Vectra Networks

Bromium: Virtualization-Based Security

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

Emerging Threat Intelligence using IDS/IPS. Chris Arman Kiloyan

Office 365 Buyers Guide: Best Practices for Securing Office 365

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

Software-Defined Secure Networks in Action

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

A Simple Guide to Understanding EDR

CyberArk Privileged Threat Analytics

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE

FFIEC Cyber Security Assessment Tool. Overview and Key Considerations

From Managed Security Services to the next evolution of CyberSoc Services

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

with Advanced Protection

Sobering statistics. The frequency and sophistication of cybersecurity attacks are getting worse.

McAfee epolicy Orchestrator

Unlocking the Power of the Cloud

ENDPOINT SECURITY STORMSHIELD PROTECTION FOR WORKSTATIONS. Protection for workstations, servers, and terminal devices

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Securing Your Digital Transformation

Security and Compliance for Office 365

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

deep (i) the most advanced solution for managed security services

CipherCloud CASB+ Connector for ServiceNow

Defending Against Unkown Automation is the Key. Rajesh Kumar Juniper Networks

Consolidation Committee Final Report

Information Security Specialist. IPS effectiveness

Active defence through deceptive IPS

RSA INCIDENT RESPONSE SERVICES

Put an end to cyberthreats

Securing the Internet of Things (IoT) at the U.S. Department of Veterans Affairs

Jens Thonke, EVP, Cyber Security Services Jyrki Rosenberg, EVP, Corporate Cyber Security CORPORATE SECURITY

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

Agile Security Solutions

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Acalvio Deception and the NIST Cybersecurity Framework 1.1

Best Practices in Healthcare Risk Management. Balancing Frameworks/Compliance and Practical Security

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Gujarat Forensic Sciences University

WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX

STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.

Reducing the Cost of Incident Response

A Modern Framework for Network Security in Government

SIEM: Five Requirements that Solve the Bigger Business Issues

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Security Terminology Related to a SOC

WHITEPAPER HEALTHCARE S KEY TO DEFEATING CYBERATTACKS

Building an Effective Threat Intelligence Capability. Haider Pasha, CISSP, C EH Director, Security Strategy Emerging Markets Office of the CTO

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. Ralf Kaltenbach, Regional Director RSA Germany

Detect Cyber Threats with Securonix Proxy Traffic Analyzer

TRAPS ADVANCED ENDPOINT PROTECTION

How to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption

THE EVOLUTION OF SIEM

Automated Response in Cyber Security SOC with Actionable Threat Intelligence

Real-time, Unified Endpoint Protection

Transcription:

Deception: Deceiving the Attackers Step by Step TrapX Security, Inc. February, 2018

In 2017, Gartner emphasized how companies are transforming their security spending strategy and moving away from prevention-only approaches to focus more on detection and response. The analyst firm predicts that global spending on security will reach $96 billion in 2018, compared to 89 billion in 2017, and that by 2020 it will exceed $ 113 billion. It is expected that spending on improving detection and response capabilities will be a key priority for security buyers by 2020. Around the world we have seen how private and federal-initiative organizations have begun to evaluate and acquire technologies that allow improved detection and response to security incidents, in new solution segments such as Deception, Endpoint Detection, and Response(EDR), Cloud Access Security Brokers (CASBs) and to a lesser extent User and Entity Behavior Analytics (UEBA). Specifically, Deception has become a fundamental element of Gartner's recent Adaptive Security Architectures model called CARTA: Continuous Adaptive Risk and Trust Assessment. Deception is also part of Gartner's Top 10 strategic technology trends for 2018. Even during 2016 and 2017, this approach was also listed as part of the top technologies in information security for organizations. Deception has become an important component for the existing company infrastructure security, because of its main objectives and benefits: Detection of malicious attackers and insiders (inclusive misconfigurations) on the network. Copyright January, 2018 TrapX Security, Inc. All Rights Reserved. Page 2 of 5

Deception, interruption, confusion and delay of attackers' operations and attacks in progress. This is the main goal of Deception. Measurement of the effectiveness of other existing solutions such as EPPs / AV, NIPS, NGFW, UTMs, BDS, SEG, SWG, etc. Facilitation of the delivery of managed services (Managed Deception Platforms) under SOC / MSSP systems. Particularly during 2017, Deception grew in popularity due to the model's inherent benefits for multiple business customers. Integration with existing cybersecurity ecosystems such as SIEMs, sandboxing platforms, network access control, and containment platforms, as well as the sharing of fully actionable intelligence with traditional prevention mechanisms. And, in the case of Intelligence-driven Incident Response and Active Defense, Advanced Deception Architectures (like TrapX Security DeceptionGrid ), exposure of attackers' techniques, tactics and procedures to identification of their activities even when the attackers try to circumvent defenses and existing prevention and detection methods. TrapX's multi-layer architecture works to Deceive the attacker at each of the stages of attack, which is described below: The attacker already has a presence inside the organizational network for evasion of controls. A single compromised node (patient zero) enables the attacker to perform reconnaissance, searching for valuable information or a clue about valuable targets, for the attacker s "initial jump". In other less sophisticated cases, the attack only uses ransomware and spreads by taking advantage of a security hole. This is where TrapX comes in. During this stage, TrapX presents a layer of deception using Deception Tokens, simple endpoint configuration changes that divert the attacker to a fake resource ( trap ) for quick identification and prevention of its spread to other network endpoints. When the attacker attempts to laterally propagate the threat through human attack, malware, or sophisticated attack, TrapX presents to the attacker a surface of traps emulating the operational platforms of the organizations (servers, workstations, network devices, SWIFT / ATMs, Points of sale, medical devices and IoT devices such as network printers, security cameras and intelligent lighting systems). This DeceptionGrid network allows us to quickly identify the source of the attack, the timeline / detail of the sequence of the attack (connection, reconnaissance, malware exploit), the payloads involved, and the packet capture of the interaction on the trap, to immediately isolate the attacking node, manually or automatically, and feed intelligence to other existing security devices. Copyright January, 2018 TrapX Security, Inc. All Rights Reserved. Page 3 of 5

More advanced incident response teams "interact" with attackers in greater depth through a high-interaction trap, which has an actual full OS that presents real responses to attackers' probes. Emulations' deceptive services are redirected depending on the type of service or protocol attacked (AD, MS SQL, HTTP, WMI, SMB, CMD) to a high-interaction trap that provides all the real characteristics of a production asset. A virtual machine running on Windows 2008 R2 SP1 or Windows Server 2012 R2 allows us to proxy from hundreds of emulation traps. Any activity on the trap is recorded from start to finish providing all the forensic detail of the procedures or tools executed by the attacker. Minimal false positives, a high fidelity of alerts, and an alternative detection method with low-friction in its deployment relative to other analysis technologie, are causing the market to rapidly adopt the Deception approach. Our recent TrapX DeceptionGrid release 6.1 allows us to automatically discover your network, and to accordingly automatically deploy traps similar to existing operating systems. Copyright January, 2018 TrapX Security, Inc. All Rights Reserved. Page 4 of 5

About TrapX Security TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that imitate your true assets. Hundreds or thousands of traps can be deployed with little effort, creating a virtual mine field for cyberattacks, alerting you to any malicious activity with actionable intelligence immediately. Our solutions enable our customers to rapidly isolate, fingerprint and disable new zero day attacks and APTs in real-time. Uniquely our automation, innovative protection for your core and extreme accuracy enable us to provide complete and deep insight into malware and malicious activity unseen by other types of cyber defense. TrapX Security has many thousands of government and Global 2000 users around the world, servicing customers in defense, health care, finance, energy, consumer products and other key industries. TrapX Security, Inc. 1875 S. Grant St., Suite 570 San Mateo, CA 94402 +1 855 249 4453 www.trapx.com sales@trapx.com partners@trapx.com support@trapx.com TrapX, TrapX Security, DeceptionGrid and CryptoTrap are trademarks or registered trademarks of TrapX Security in the United States and other countries. Other trademarks used in this document are the property of their respective owners. Copyright January, 2018 TrapX Security, Inc. All Rights Reserved. Page 5 of 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback