WatchPoint Security Blog

What is Deception Technology?

Written by Chris Hartwig | July 11, 2016

Set a Trap to Catch Cybercriminals

Deception Technology is a new approach to cybersecurity designed to prevent a cybercriminal who has already infiltrated a network from doing damage. This technology helps an organization move from a reactive to a proactive defensive posture. Because signature-based antivirus has been a complete failure at detecting zero-day threats, a new approach of luring and trapping cybercriminals has been developed to prevent, or at least delay, an attacker from penetrating deeper into the network and reaching their intended target.

Deception technology products work by creating deception decoys (traps) that mimic legitimate IT assets throughout the network. These traps can run in a virtual environment or a real operating system and actually provide services that work to trick the cybercriminal into thinking they have found a way to steal credentials or escalate privileges. Once a cybercriminal has hit a trap, notifications are sent to a deception server that records which decoy was hit and what attack vectors were used.

Move Over Antivirus & Firewall

Deception Technology vastly improves upon existing security but isn’t designed to replace your antivirus or firewall. It should be used as another layer of network protection to track and trap those cybercriminals who have gotten past your defenses and reached your endpoints. It can take months to identify an internal breach using traditional antivirus and firewalls. Once cybercriminals have breached your network defenses, they will spend, on average, almost one year gathering intelligence on your network infrastructure and your financial activities.


It is very important that you do not allow cybercriminals to set up shop on your network and give them the time they need to gather crucial information about your infrastructure and, most importantly, your financial information. Deception Technology doesn’t rely on signatures and is a great way to improve network security and gain visibility into an attack that has bypassed traditional prevention measures.


Using Deception Technology will greatly enhance your current security information and event management (SIEM) system, helping to ensure infected devices are isolated from the network as quickly as possible.

If an internal network threat is detected, you will be alerted to the actions of the cybercriminals. These event-driven alerts can be combined and examined with other logs from the SIEM system to gather forensic evidence. Using sophisticated deception systems, you may be able to gather information on the attacker’s command and control (C&C) server to learn about the attacker’s methods and the tools they are using.
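The alert flow described above (a decoy hit recorded with its attack vector, then examined alongside other SIEM logs), as an added example that is not WatchPoint's or any product's code. The field names, the 30-minute window and the priority rule are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data; field names are assumptions, not any product's schema.
DECOY_ALERTS = [
    {"time": "2016-07-11T10:15:02", "decoy": "decoy-fileshare-01", "src": "10.0.4.23", "vector": "smb-login"},
    {"time": "2016-07-11T10:17:40", "decoy": "decoy-db-02", "src": "10.0.4.23", "vector": "mssql-login"},
    {"time": "2016-07-11T11:02:10", "decoy": "decoy-rdp-01", "src": "10.0.7.8", "vector": "rdp-connect"},
]
SIEM_EVENTS = [
    {"time": "2016-07-11T10:05:11", "src": "10.0.4.23", "msg": "failed logon to FILESRV1 as svc_backup"},
    {"time": "2016-07-11T10:16:30", "src": "10.0.4.23", "msg": "new outbound connection to unlisted host"},
    {"time": "2016-07-11T08:00:00", "src": "10.0.4.23", "msg": "DHCP lease renewed"},
    {"time": "2016-07-11T10:16:00", "src": "10.0.9.9", "msg": "user logon"},
]

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S")

def correlate(alerts, events, window_minutes=30):
    """Group decoy hits by source host and attach that host's SIEM events
    that fall within the window around any hit, as one ordered timeline."""
    window = timedelta(minutes=window_minutes)
    hits = defaultdict(list)
    for alert in alerts:
        hits[alert["src"]].append(alert)
    report = {}
    for src, host_hits in hits.items():
        times = [_ts(h["time"]) for h in host_hits]
        decoys = sorted({h["decoy"] for h in host_hits})
        related = [
            e for e in events
            if e["src"] == src and any(abs(_ts(e["time"]) - t) <= window for t in times)
        ]
        # ISO-8601 timestamps sort chronologically as plain strings.
        timeline = sorted(
            [(h["time"], f"DECOY {h['decoy']} via {h['vector']}") for h in host_hits]
            + [(e["time"], f"SIEM {e['msg']}") for e in related]
        )
        report[src] = {
            "decoys": decoys,
            "timeline": timeline,
            # No legitimate user should touch a decoy; several decoys means the host is probing.
            "priority": "high" if len(decoys) > 1 else "medium",
        }
    return report
```

Hosts that appear in the report are the candidates for isolation, and the timeline is the evidence trail to preserve for forensics.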

Where Can I Find Deception Technology Solutions?

WatchPoint has developed a unique product called CryptoStopper™ that uses Deception Technology to trap cybercriminals. CryptoStopper™ is a unique solution that is specifically designed to detect and stop actively running ransomware on your network in less than a second.

CryptoStopper is already helping companies of different sizes in various industries protect themselves from this growing threat.

 
