Although the number of successful cyber attacks is decreasing globally, the resulting costs in Germany have increased six-fold. This is reported in the Hiscox Cyber Readiness Report for the year 2020. These targeted attacks can be countered: with deception technology, you meet the hacker on equal footing and have the opportunity to understand and thwart his plans.
The pyramid shown above was created as the “Pyramid of Pain” by David J. Bianco (Mandiant/FireEye) in 2013. It describes how much difficulty different security techniques cause an attacker. The lower the layer, the easier it is for the hacker to overcome. The lower three layers of the pyramid are covered by automated detection. This is where anti-malware, anti-virus and firewalls operate, for example. But these can also be easily bypassed.
The upper three layers of the pyramid are more difficult to overcome and can be addressed by software solutions that enable (AI-based) behavioral observation. But here the systems often misjudge and report legitimate actions as an intrusion (alert). The resulting effort for the security analyst is high, and the false alarms lead to alert fatigue: further alerts are treated with less attention and seriousness.
At the peak, when dealing directly with the attacker’s behavior, deception provides an effective lever with comprehensive analysis capabilities. The hacker can be observed and isolated, 0-day attacks and APTs included. He finds a real and authentic system from which he can exfiltrate data and attempt a compromise, without being able to do any real damage.
This technology is particularly useful in the banking, financial, pharmaceutical and industrial sectors, but SMEs also face such attacks. In addition to Endpoint Deception with fast alerting (no false positives!), there is Active Directory Deception against BloodHound scans as well as Web Application Deception. Deception offers you protection at all levels of the “Pyramid of the Attacker’s Pain”.
About the Author
Senior Sales Engineer at CYBERTRAP