Security practitioners are debating the role deception technologies can play in a security strategy. But how does the latest technology actually work? Sahir Hidayatullah, CEO and co-founder of Smokescreen Technologies, offers some insights.
Deception technology is not merely another name for honeypots, he points out in an interview with Information Security Media Group. "While deception technology and honeypots come from the same space conceptually, they are implemented differently," he explains (see: The Evolution of Deception Tech).
While honeypots are usually external-facing, intentionally vulnerable systems designed to attract attackers, the decoys used in the latest deception technology mimic production systems and don't attract attackers or advertise themselves on the network. Anyone tinkering with these decoy systems can be presumed to have malicious intent.
"Virtualizations, machine learning and other technologies ... really allows you to scale and solve the problem of managing these decoys," Hidayatullah says. "That's been the shift as to why you can now operationalize deception in your environment, as opposed to earlier, where you could do it, but it was a real challenge to keep up with."
While deception technology may not directly help with response, it is a high-fidelity discovery mechanism, he contends. "There are no false positives in deception. What that means is, containment can be very easily prioritized, instead of being stuck with information overload." (See: Adopting Deception to Control the Attack Narrative)
In this interview, Hidayatullah addresses:
- The relevance of deception technology in the current threat landscape;
- How it can help contain and remediate incidents;
- Real-world examples of how deception technology works.
Hidayatullah is CEO at Smokescreen Technologies, which focuses on detecting targeted hacker attacks before they cause business impact. He was one of India's first ethical hackers and is a serial entrepreneur. His companies have investigated many of the highest-profile data breaches in the country, with clients that include critical national infrastructure, global financial institutions and Fortune 500 companies.