Review: Fidelis Deception breathes life into fake assets

Today's skilled hackers know, or at least suspect, that deception is in place and won't blindly follow breadcrumbs to fake assets. To combat this, Fidelis Deception creates realistic, living deception assets.

Deception as a defensive technology has come a long way in a very short period of time. Today, almost every enterprise network is going to have some form of deception employed to trick and trap unauthorized users. But its success is also becoming a problem because attackers are starting to expect, and in some cases even spot, deceptive assets.

The one thing that has not changed is the overall concept of how deception technology works. Fake assets are deployed throughout a real network. While valid users would have no easy way of reaching them, or even of knowing that they exist, breadcrumbs and other clues pointing to them are left on real assets. Because hackers must crawl networks blindly, those clues can lead them astray, causing them to land on a deceptive asset. And because no valid user ever would, the fact that a user or program is interacting with a fake asset is almost always cause for alarm, and evidence that an intruder has bypassed other network defenses.

Early versions of deception platforms helped users deploy fake assets and drop breadcrumbs pointing towards them but did little else to improve that deception. And when the technology was relatively new, many attackers took the bait. Today, however, skilled hackers know, or at least suspect, that deception is in place and won't blindly follow breadcrumbs. Dead or inactive assets only used for deception purposes probably won’t get touched by attackers who suspect a trap. Even advanced malware can sometimes sniff out the deceptive paths.

Fidelis Deception was created to make deceptive technology a valid defense once again, even if an attacker knows that it’s protecting a network that they are trying to breach. It does this by creating living deception assets that can interact with one another and perform tasks that make them seem alive. It can also create fake users that interact with the deceptive assets on a regular, yet randomized, schedule like a real human would. And it even has a few nasty surprises in store for unauthorized users to ensure that they completely waste their time, thus giving cybersecurity teams a large window to catch them in the act.

The Fidelis Deception platform can be deployed as an on-premises solution, in the cloud, or as a service. It can also exist as hardware or software. In terms of performance, most of these deployments are identical, with the one exception of the traffic monitoring sensors, which are used to automate deceptive assets, bring them to life, and track possible attackers. The hardware sensors from Fidelis can accommodate up to 10G of traffic volume while the virtual machines top out at around 2G. Pricing for the platform, regardless of deployment method, is based on the number of real users that are being protected. There is no limit to the number of deceptive assets or even deceptive users that the program can create and deploy, and deploying more assets or users doesn't change the price.

Figure 1: Fidelis Deception (John Breeden II)

From the Assets screen, users can see exactly how many and what kind of assets have been deployed. There is no limit to how many deception assets can be created.

Setup and testing

Deploying deceptive assets is extremely easy with Fidelis Deception. Users can go into specific user groups or asset categories and deploy deception assets using a series of drop-down menus. Or, they can have Fidelis automate the process. Because traffic monitoring through the sensors is part of the Deception platform, the program watches network traffic and learns how it flows. When a user clicks the “Suggest for Me” button, Fidelis Deception proposes a list of deceptive assets that would naturally sit within the existing workflow. That might involve anything from mail servers to printers. It then records those assets so that it can interact with them later and make them all seem alive.
