CDSA

Deception Technologies See a New Dawn

Dating back more than 30 years to the original “honeypot” design, the idea of deception technologies has come into new focus as the attack surface grows and threat actors have so many more targets.

While most efforts in cybersecurity focus on blocking adversaries and detecting if they breach structured defenses, there is increasing value in proactively knowing who is attempting to breach the defenses and what they are targeting.

According to the 2021 Verizon Data Breach Investigations Report, 80 percent of breaches found were from external actors, which leaves 20 percent attributable to internal employees or contractors.

Using a dedicated system like FortiDeceptor, organizations can rapidly create a fake environment that simulates the real network and assets. Through the automatic deployment of decoys and tokens, the deception network seamlessly integrates with an existing IT/OT/IoT/Cloud infrastructure to lure external and internal attackers into revealing themselves.

FortiDeceptor can serve as an early warning system by detecting an attacker’s activity and the lateral movement of a broader threat campaign.

The threat intelligence gathered from the attacker can be applied automatically to inline security controls to stop attacks before any real damage is done.

In normal working operations, web servers are deployed and listen for requests from clients, who enter the request in a browser to receive responses.

As these systems need to be generally available to serve their intended function, many hackers continuously scan servers to determine what services are running, along with details about the host system itself that could potentially be exploited.

Instead of waiting for a surprise, organizations are choosing to host their own “virtual services” and record the activities contacting them via network scans and false access attempts.

This is one of the few ways that cyber defense operators can take a proactive role, and the cost/benefit analysis is compelling.

New services can be deployed easily via a virtual machine (VM) console in hosted or cloud environments or added as a physical device to ensure the highest level of isolation.

The services emulated have reached far beyond the early simple websites or fake databases to elaborate and integrated services that can discern everything from users unable to locate resources to malicious internal and external actors that are looking for a weakness to exploit in the company infrastructure.

Threat intelligence integrated into these deception systems can provide accurate detection, and the ability to connect to other security components as part of the Fortinet Security Fabric allows users to be identified and isolated, with a bevy of alternative actions also available.

For more information, please visit the Fortinet FortiDeceptor landing page and ask for a demonstration.

This is the third of three articles featuring cybersecurity insights from John Jacobs, field CISO, technology, for Fortinet.
