This month, SC Labs takes another look at deception network tools. With the rapid developments and improvements seen in this space, it felt like we were looking at some of these products for the very first time.
Deception network tools implement machine learning technology that studies an environment and accompanying assets to create decoy assets, environments and in some cases, a full-blown OS to blend seamlessly and attract attackers. There is no reason for end users to interact with decoy assets in a production environment.. So, if they do, organizations can be certain they have malicious intentions.
Dynamic deceptions that change with an environment and keep pace with attackers, force adversaries to spend more time in networks and maintain their interest through enticing decoys and breadcrumbs. By keeping attackers engaged in the network longer, organizations have more time to observe their behavior, contain threats and remediate gaps in security plans to prevent further intrusions.
Vendors in this space each take different approaches on deception. From hardware- and software-based solutions to the types of deceptions deployed, all of the technologies deliver enough hassle to throw off even the most seasoned red teamer. Although they share the same goal, these products differ from each other with unique features that reflect their own signature touch on approaching deception.
Despite the relative newness of the space, innovations and developments have evolved exponentially, and effective detection and response already are woven into these products. IoT deceptions are also beginning to trickle into this space, and, appropriately so, as they continue to play a larger role in enterprise environments. With decoys indistinguishable from reality, detection and response capabilities, threat hunting support, and rapid growth in this space, these deception network tools merit watching. At SC Labs, we are interested to monitor the continued growth of this area.
Deception Network Tools
Although still considered a newer space, the exponential improvements and innovations we have seen in deception network tools, even just in the last year, are impressive. The tools are sophisticated and carefully constructed and bring tremendous value to an organization’s security posture, which should land them at the top of the list of tools for any company serious about the security of its environment.
Honeypots are not new concepts and have been around for some time. Previously, they were intended to gather information on attacks that could be analyzed for a better and more thorough understanding of their approaches, behaviors and capabilities. Over time, their mission has changed from purely information gathering and analytics tools, to those that can be used to turn that knowledge into actionable information to form protection and prevention security measures. That evolution resulted in the birth of decoy systems to emulate a variety of connected technologies.
Fast forward to 2019, deception network tools have reached a staggering level of sophistication and efficiency. The premise of the historical honeypot and first decoy systems remain visible in the products tested here; however, their capabilities and realism have made them, in some cases, completely indistinguishable from real assets and environments. Analytical information used to back decoys and deception models so they’re dynamic and capable of keeping pace with attackers. We found standout features unique to individual products and observed the innovation of Deception as a Service (DaaS) with MSSP support capabilities.
Decoys almost exclusively are now created by leveraging machine learning technology that studies an environment and its real assets to emulate them with decoys indistinguishable from production assets. Even more impressive is the dynamic nature of the decoys that allows them to adapt and change as an environment changes, so that realism is maintained consistently and throughout. Decoys even can be full-blown operating systems. A variety of breadcrumbs and lures are used to entice attackers and those, too, are done with the same machine learning technology and level of realism found in decoys. Organizations have the ability to customize and create their own. In addition, the realism found in decoy automation removes a lot of manual overhead without compromising effectiveness.
These products offer other useful tools to help organizations understand what an attacker did while inside the network, the lateral movements made and, in some cases, even their GPS coordinates. Each product we tested has an organized, easily readable dashboard that provides quick insights and a high-level overview of events in an environment.
Given the innovations and improvements seen in deception tools during such a short timeframe, we can only guess (with excited uncertainty) what their ceilingmight look like. They keep growing in sophistication and offerings, providing both endpoint and network deception so that attackers and Red Teams alike cannot defeat them. The intelligently crafted realism and dynamic ability to keep pace with attackers and maintain that level of interest to trap and collect useful information on adversarial behavior make for efficient tools that standout in the realm of cybersecurity.
Pick of the Litter
CounterCraft impressed us with the tremendous innovation and development put into overhauling its product over the last year. The company offers an unparalleled level of consideration to the feedback it receives, and the pride for and integrity of the product are seen throughout. Quality assurance and a focus on functionality coupled with sophisticated deception methods and intelligence gathering, make CounterCraft Cyber Deception Platform an SC Labs Best Buy.
Illusive Networks Deception Management System sets the standard for deception realism and dynamic attacker pacing. Th tool’s maneuverability with a deception environment to constantly trap and deceive attackers accounts for the offering’s undefeated record against Red Teams. This level of deception sophistication with ease of use makes this the SC Labs Recommended product for this month’s round of reviews.
To see all of this month’s reviews click the headlines below.
Acalvio Technologies ShadowPlex 3.3
Attivo Networks ThreatDefend Deception and Response Platform version 5.0
CounterCraft Cyber Deception Platform 2.3.0
Fidelis Cybersecurity Deception 9.2.1
Illusive Networks Deception Management System V3.1.105
PacketViper Deception360 version 5.0
Smokescreen Technologies IllusionBLACK 3.7
TrapX Security DeceptionGrid 6.3