WatchPoint Security Blog

How to Deceive Hackers into Exposing Themselves

Written by Nathan Studebaker | April 30, 2016

We’ve seen it acted out a hundred times on the big screen. The tough-talking cop towers over the newly arrested suspect, hands still cuffed behind their back, as the bright lights of justice shine on. The perp shrinks ever lower into their chair, sweat visibly running down their forehead, the pressure mounting with each passing second. The pressure becomes too much to bear and boils over into a confession of their crimes. The criminal has been outed, their crimes documented, and justice served. Did they really think they were going to get away with this?

What our on-screen heroes had in common was a clever trap to catch the criminals red-handed. That’s the power of deception, and you can use it on your network to catch cyber-criminals.

 

Deception Technology

Deception technology is pretty straightforward. You’re setting a trap for any cyber-criminals that come your way. This may involve a decoy server that looks like the real thing and offers services and data just like the real thing, but…it’s a trap. It’s there to expose the bad guys and trick them into thinking they’ve come upon something of value.

Take Away their Advantage

There is an old saying in the IT security world, and it goes something like this: “Defenders always play defense, but attackers only have to win once.” One missing Windows update, one unpatched system, or one user who opens an email they shouldn’t have can lead to complete network compromise. The fact that cyber-criminals only need to get that one win makes it really hard for IT security. And as a business owner, it means the deck is stacked against you.

So, why not address this problem directly? Why not take away their advantage and make it your own? Well, that’s exactly what deception technology does. By mixing decoy data within your real data, you are arming your network with tripwires. And it’s not just at the perimeter either; it’s inside your network.

Now you have the advantage, as it forces the cyber-criminal to win every time. The slightest wrong turn and they’ve fallen right into your trap. Your data is surrounded with tripwires, and this intrusion sets off an alarm.
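The tripwire idea above, as an added example (not WatchPoint's code or product logic): a constructed access log is checked against a hypothetical inventory of decoy files, accounts and hosts, and any single touch raises an alert. All names, paths and addresses below are constructed for illustration.

```python
import csv
import io

# Hypothetical decoy inventory (constructed): objects planted among real data
# that no legitimate user or process has a reason to touch. Stored lower-case.
DECOYS = {
    ("file", "/share/finance/payroll_backup_2016.xlsx"),
    ("account", "svc_sqlbackup"),
    ("host", "10.20.30.77"),
}

# Constructed access log: timestamp, source, kind, object, action
SAMPLE_LOG = """\
2016-04-30T09:01:12,10.20.30.15,file,/share/finance/q1_report.xlsx,read
2016-04-30T09:03:40,10.20.30.15,account,jsmith,login_ok
2016-04-30T09:14:02,10.20.30.52,file,/share/finance/Payroll_Backup_2016.xlsx,read
2016-04-30T09:14:45,10.20.30.52,account,SVC_SQLBackup,login_failed
2016-04-30T09:15:10,10.20.30.21,host,10.20.30.8,connect
2016-04-30T09:16:31,10.20.30.52,host,10.20.30.77,connect
"""

def find_tripwire_hits(log_text, decoys=DECOYS):
    """Return every event that touches a decoy. There is no scoring or
    threshold: one touch is an alert, whether the action succeeded or not."""
    hits = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip malformed lines rather than crash the monitor
        ts, source, kind, obj, action = (field.strip() for field in row)
        if (kind, obj.lower()) in decoys:  # case-insensitive match on the object
            hits.append({"time": ts, "source": source, "kind": kind,
                         "object": obj, "action": action})
    return hits

def sources_to_contain(hits):
    """Group alerts by source so responders get one entry per machine,
    with the time of its first decoy touch and the number of touches."""
    summary = {}
    for hit in hits:
        entry = summary.setdefault(hit["source"], {"first": hit["time"], "count": 0})
        entry["count"] += 1
    return summary

if __name__ == "__main__":
    for src, info in sources_to_contain(find_tripwire_hits(SAMPLE_LOG)).items():
        print(f"ALERT {src}: {info['count']} decoy touches, first at {info['first']}")
```

The two sources that only touch real objects produce no alerts at all, which is where the low false-positive rate of a decoy-based sensor comes from.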

Target Acquired

Once an alarm has been tripped, your incident response team springs into action, and within minutes, the threat is in your crosshairs. The entire process, from detection to containment, happens within minutes, not hours, weeks, or months.

 

Low Noise, High Accuracy

The more false positives a system generates, the less useful it becomes. Alert fatigue is one of the major challenges when implementing a Security Information and Event Management (SIEM) system. WatchPoint has overcome this issue by strategically placing our WatchPoint sensors throughout an entire enterprise. WatchPoint ensures that the entire attack surface is covered with our low-noise, high-accuracy sensors.