Page 39 - SAMENA Trends - November 2020

Dynamic Deception Technology Cyberwar Game Changer

Fahad Al Ali
Chief Technology Officer
stc Kuwait

As a seamless and non-disruptive addition to existing security infrastructures, cyber deception-based threat detection closes the gap on security vulnerabilities. It provides a critical line of defense for detecting attackers before they have time to complete their attack and cause a data breach or harm to the critical infrastructure.

Cyber attacks worldwide have increased massively over the past decade. Hundreds of cybersecurity incidents have made headline news, with attackers turning to novel techniques to craft sophisticated malware, tools, techniques, and procedures that bypass existing security controls. This type of attack is referred to today as an Advanced Persistent Threat (APT). The main challenge with APTs, besides their complexity, is the dwell time: the amount of time adversaries spend inside the target network without being detected. According to the M-Trends 2020 report, the average dwell time in the EMEA region is 54 days.

The inherent complexity of APTs results from the fact that adversaries, besides using zero-day malware and exploits to penetrate the network, use legitimate tools inside the network to maintain their presence and perform lateral movement. The use of legitimate tools makes detection more complex, because these tools cannot be blocked due to business needs.

Dynamic deception is an emerging category of cybersecurity defense mechanisms used to detect sophisticated APT attacks. In dynamic deception, the system builds a honey-component inside the production network by deploying fake assets (e.g., honeypots, honeytokens, honey documents, etc.). These honey-components should have a level of authenticity that makes them indistinguishable to adversaries from legitimate resources. The honey-component’s goal is to misdirect the adversaries, luring them into these systems. Dynamic deception usually works as a complement to the other cybersecurity controls in place, augmenting the existing security infrastructure. The technology









