Deception technology is a category of security tools and methods designed to prevent a hacker who has already entered the network from doing damage. The technology uses decoys to misdirect the attacker and keep him from going deeper into the network and reaching his intended target.
Deception technology products work by deploying decoys that appear to be genuine IT assets throughout the network. The decoys run as a real operating system (OS) and provide services that are designed to trick the hacker into thinking he has found a way to steal credentials. In fact, the attacker has been lured into scanning or attacking a decoy, which then notifies a dedicated server called an engagement server or deception server.
Attacks begin when the attacker scans the network from the infected endpoint to identify the assets he wants to target.
The attacker exploits the infected endpoint to extract credentials and the locations of the assets he wants to target.
Deception-based cyber security defense enhances rather than replaces the other security products the organization uses. The technology does not depend on attack signatures, which makes it extremely effective for gaining real-time visibility into an attack that has bypassed all other prevention efforts, ensuring that infected devices are identified and quarantined as quickly as possible.
Since deception decoy technology is designed to detect inside-the-network threats and their lateral movement, alerts are always event-driven and automatically supported by details that can be analyzed with other log data from the organization’s system. Some deception systems can even start communications with the attacker’s command and control (C&C) server to learn more about the attacker’s methods and the tools he is using.
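The correlation step described above, sketched as an added example that is not from the original article or any product: any contact with a decoy is treated as the alert (no signature needed), and the source is then matched against authentication logs to scope what else it touched. Field names, host names, addresses and the 30-minute window are assumptions, and all sample records are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample: decoy alerts as an engagement server might record them.
DECOY_ALERTS = [
    {"time": "2024-03-01T10:15:00", "src": "10.0.4.23", "decoy": "decoy-fs01", "service": "smb"},
    {"time": "2024-03-01T10:16:30", "src": "10.0.4.23", "decoy": "decoy-db02", "service": "ssh"},
]
# Constructed sample: authentication log entries collected from real assets.
AUTH_LOG = [
    {"time": "2024-03-01T09:00:00", "src": "10.0.4.23", "dst": "mail01", "user": "alice", "ok": True},
    {"time": "2024-03-01T10:05:00", "src": "10.0.4.23", "dst": "hr-db", "user": "svc_backup", "ok": False},
    {"time": "2024-03-01T10:20:00", "src": "10.0.4.23", "dst": "fileserver", "user": "svc_backup", "ok": True},
    {"time": "2024-03-01T10:18:00", "src": "10.0.7.50", "dst": "fileserver", "user": "bob", "ok": True},
]

def _ts(value):
    return datetime.fromisoformat(value)

def correlate(alerts, auth_log, window_minutes=30):
    """Group decoy alerts by source and attach that source's auth events
    that fall within the window around its first decoy contact."""
    window = timedelta(minutes=window_minutes)
    report = {}
    for alert in alerts:
        entry = report.setdefault(
            alert["src"],
            {"first_seen": _ts(alert["time"]), "decoys": set(), "related_auth": []},
        )
        entry["first_seen"] = min(entry["first_seen"], _ts(alert["time"]))
        entry["decoys"].add(alert["decoy"])
    for src, entry in report.items():
        for event in auth_log:
            same_source = event["src"] == src
            in_window = abs(_ts(event["time"]) - entry["first_seen"]) <= window
            if same_source and in_window:
                entry["related_auth"].append(event)
        entry["related_auth"].sort(key=lambda e: e["time"])
    return report

def quarantine_candidates(report):
    """Every source that touched a decoy is a candidate; no legitimate
    user has a reason to connect to one."""
    return sorted(report)

if __name__ == "__main__":
    result = correlate(DECOY_ALERTS, AUTH_LOG)
    for host in quarantine_candidates(result):
        touched = [e["dst"] for e in result[host]["related_auth"]]
        print(host, sorted(result[host]["decoys"]), "also touched:", touched)
```

The real assets listed next to each candidate are the starting point for scoping lateral movement once the endpoint is quarantined.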