Bruce Guptill, Jim Hurley Research Alert
What is Happening?
Digital cyber deception changes the traditional enterprise security approach from (possibly) learning about compromises months after they occur, toward definitively seeing and handling cyber-attacks that are underway. It helps to put the enterprise back in charge of its own cyber-defenses. However, as with any new disruption, there will be obstacles on the way to mainstream adoption.
A new ISG Insights report – Digital Disruptors in Digital Cyber Deception – from ISG Insights reviews how cyber deception works (and why), and looks at five providers of digital cyber deception platforms. These providers are helping to define and drive the agenda of digital cyber deception, and the way we will think of and practice, defensive cyber-security in the future.
Digital Disruptors in Digital Cyber Deception examines offerings from five providers that we see helping to shape the cyber deception marketplace while disrupting traditional cyber security approaches. The five – Acalvio Technologies, Attivo Networks, Cymmetria, Illusive Networks, and TrapX Security – are profiled by functionality, relative strength, and challenges, with our recommendations as to where each is best suited.
In addition to the five providers of digital cyber deception highlighted in this report, other providers include CounterCraft, CyberTrap, Javelin Networks, Smokescreen Technologies, Thinkst, and Topspin Security. Other providers claiming to field products with similar features include Guardicore, Shape Security and vArmour. Clients of ISG Insights can look forward to examinations of these in future Research Notes and reports.
Why is it Happening?
As we have long maintained, the nature of interconnected systems means that there really cannot be an effective IT security perimeter. And the more users, devices, and software are linked, the less effective are traditional practices focused on boundaries and barriers to stop intrusion and loss.
The impetus driving adoption of digital cyber deception comes from enterprises in industries where cyberattacks are continuous, where the frustration of cyber-defenders is high, where the cybersecurity culture is open to new approaches, and where dealing with new and small providers is not anathema to IT and security leadership – or procurement organizations. Integration with security incident and event management/security operations center (SIEM/SOC) processes will speed enterprise adoption.
Instead of emplacing more barriers to stop cyber-attackers, digital cyber deception lures them into one-way traps. The bait of digital cyber deception helps to maneuver attackers into what appear to be real systems, while keeping them away from operations and digital crown jewels. It plants deceptions – e.g., breadcrumbs, lures, and tokens – throughout the network that attackers expect to find and use to move about in search of digital booty. It transports attackers into a range of decoy systems ranging from database stores, Linux and Windows servers, domain name servers, Active directory servers, point of sale (POS) and industrial control systems (ICS) among others. Once lured, attackers are kept bottled-up in digital honeypots and away from anything that will result in harm.
Anything touching a digital deception is considered a valid attack. Users so far report complete accuracy regarding attacks, with no false positives. Its track record indicates that cyber-defenders are notified as soon as digital deceptions are touched, while the movement of cyber-attackers is monitored in real-time. Better yet, users say its decoys are keeping invaders occupied in virtual environments that are easy to get into, and very difficult to escape from – a little like a digital jail.
Net Impact
Digital cyber deception is the new paradigm for defensive cybersecurity. It stops cybercriminals and attackers by fooling them. It does this by inviting attackers using deceptions, it lures attackers and then traps their lateral movement into mirage kingdoms of shiny fools-gold. Instead of old-world brute-force security that is losing its oomph, this smarter approach to cybersecurity changes the rules of the game in favor of the enterprise.
Readers of Digital Disruptors reports should of course make their own determinations and assessments regarding potential providers, based on their unique requirements, relative priorities and evolving strategies specific to the business or IT challenge at hand. Those requirements should form the criteria for evaluation and selection of providers and solutions.
ISG Insights’ Digital Disruptors are not meant to be complete or exhaustive lists of all technology vendors, solution providers or offerings in a particular area of Business IT. Inclusion in a Digital Disruptors report is not limited to clients of ISG, and implies no endorsement with respect to the providers, nor a warranty of provider suitability or viability. The source of Digital Disruptors content is based on a combination of non-confidential information and analyst insight, supported by fact-based research and analysis and ongoing engagement with both enterprise leaders and providers.
The report is available immediately to ISG Insights subscription clients by clicking here. Clients may also simply log in and download a PDF of the report. Non-clients may obtain copies of the report by contacting ISG Insights at https://insights.isg-one.com/contact-us/become-a-client.