Threat Deception: Attacking the Illusion
Posted November 2, 2017 by Sayers
“Guardian, this is Rapier….three klicks southeast of target…Rapier is Oscar Mike. Radio silent. Over.”
“Copy Rapier. This is Guardian. Out.”
“Guardian, this is Rapier. Code worked. Rapier in the perimeter headed to target…..FRV in five. Over”
“Guardian, this is Rapier. What’s goin’ on? We’re in the building ……negative contact….I repeat, negative contact. Nothing. Just empty buildings with a lot of fake furniture…over.”
“This is not the real site, Rapier! Repeat…NOT THE REAL SITE! POP SMOKE…REPEAT…POP SMOKE!”
Rapier watches in disbelief, as the mirage surrounding him disappears. The walls, ceiling, and floor of a plain white cell slowly appear. No door. No escape. Rapier’s every move was captured and documented, as his target safely carried out its own mission elsewhere.
Such is the purpose of advanced threat deception technologies. The idea is to create an attractive and illusionary target to entice a would-be-hacker. The miscreant spends precious time and money on penetrating a target that is nothing more than a complex illusion. This illusion’s sole purpose is misdirection, so a defender has more time to mount an effective and proactive defense. The hacker’s reality is absorbed into the illusion, while the defender watches his every move, and learns his methodologies.
Couple threat deception technologies with other advanced analytical and detection tools, and you have the capability to keep miscreants chasing their tails for long periods of time, all the while, you recon and enumerate them. Your blue team becomes increasingly effective as they gather intelligence, and your red team can refine its own processes to mirror an actual threat, rather than a conceptual threat.