Salted Hash Ep 26: Deception technologies that camouflage the network

This week, we talk to Chris Roberts about deception technologies.

Sometimes, the best defense is awareness. Start with the assumption that an attacker is already on the network, then try and figure out where they are and what they're looking for. At their core, deception technologies can assist in this process, but what's the difference between a deception vendor and a honey pot?

During the RSA Conference in San Francisco had a chat with Chris Roberts, chief security architect at Acalvio Technologies, about the benefits and misconceptions of deception technologies.

As mentioned, Roberts said that the whole concept of deception technologies is the assumption that attackers are already on the network.

"From that point on, the whole idea is to act as a fisherman. What can I put on a network [or] what can I be as an architect or a system that will attract an attacker?" Roberts explained. But, deception technologies can't be all glitz and glam, they can't be too attractive to an attacker – otherwise they'll spot a trap.

So then, what's the difference between the deception technologies being sold at the RSA Conference, and a well-designed honey pot? Configuration.

"You have to spend a lot more time configuring it," Roberts said. "So, if you take the Honeynet Project, Canary, or a few of the other ones, they're really good but they take a lot of configuration."

The point being, most of the configuration and basic tuning – as well as basic deploying – can be done automatically. The size of the enterprise, as well as a realistic understanding of the what can be accomplished by using deception tech are major factors – even if you use the non-commercial offerings.

The tech by the way, isn't new.

"Essentially, deception is a new strategy that security programs can use for both detection and response," wrote Gartner's Lawrence Pingree in 2016.

"Is deception a panacea? Absolutely not, but it is a far, far underutilized technique that can provide serious security advantages against attackers, especially for those that are more advanced."

NEW! Download the Winter 2018 issue of Security Smart