By Salvatore Stolfo on Oct 16, 2018, 2:23:59 PM
Get deception without the hassle of creating and maintaining honey environments
The inability to detect and understand modern attacker-type breaches has created new interest in deception technology. To date, deception products have mostly focused on the build out of complex ‘honey’ environments designed to lure attackers into fake environments to distract and track their behaviors. However, the value compared to the effort required to create and maintain these honey environments on an ongoing basis has hindered adoption. For those who have invested, success comes at a high cost. First, you need to establish an environment that mimics the operational environment in order to have any chance that attackers will believe it is real. Then, that environment must be populated and maintained on an ongoing basis to keep it realistic. Additionally, hackers have become increasingly sophisticated in identifying even the slightest ‘tells’ in these honey environments, so they can more quickly go back to the operational environment to continue their pursuits of finding and exfiltrating confidential data, undetected. To combat this, complex deceptive assets must constantly be deployed to keep attackers engaged. This poisons asset management, which creates headaches for IT operations teams, and provides very little actionable intelligence to security teams.
At Allure, we recognize the need for deceptive techniques, we have been conducting research and development with US government support for well over a decade. We well understand the challenges with deploying honey environments at scale. Our approach is to deploy deception in the real operational environment, eliminating the need for a honey environment and its large burden on IT operations and security teams. After all, attackers may reach the honey environment only after they have pierced the real operational environment. There is no guarantee they will pursue a path toward the honey environment. Detecting attackers in the operational environment is a far better strategy. We do this by dropping patented Allure Decoy Documents, deceptive and highly believable documents embedded with beacons, in operational folders, directories and cloud shares, creating an alarm system with GPS for confidential data. We also beaconize real documents that also serve as traps. When Allure Decoy Documents are opened, real-time alerts are generated with proprietary geofence and telemetry insights to detect early breach activity, respond with countermeasures, and identify leakers and hackers, and where they exfiltrate stolen data. This approach is entirely agnostic to whatever the malicious actor may be: nation state, insider threat, programmatic APT, drop in malware. It doesn’t matter - the data becomes the instrumentation.
Allure is the only company to hold patents for decoy documents with beacons, making it completely unique in the market. See all patents here.