Enterprises using new tech to deceive hackers

Summary:While honeypots are still the widely used tactic to mislead and "bait" hackers, organizations are moving toward the use of newer technologies that can trace and deceive cybercriminals.

Within active defense strategies, honeypots are the most widely used tactic, but enterprises are now moving toward other technologies such as using fake data to deceive cybercriminals.

According to Joseph Steinberg, CEO of Green Armor Solutions, major financial institutions and large firms in other industries have been using honeypots for years. Even small businesses and individuals with sensitive data to defend have been using them, Steinberg pointed out.

datatheft
Honeypots are still the widely used tactic to mislead and "bait" hackers, but organizations are moving toward newer technologies to trace and deceive cybercriminals.

This is because the financial sector has always been a favorite target for hackers and will more likely be able to adopt active defense strategies, Eric Chan, regional technical director of Fortinet Southeast Asia and Hong Kong, explained. They also have high IT security budgets and are risk-averse , so they will be likely to consider them, he said.

Move toward strategy, newer technologies
However, among the enterprises that have the resources to dedicate to robust and complex defenses, there is a gradual move from honeypots to using more sophisticated active defense methods, Steinberg noted.

Such methods include developing new technologies that mislead hackers, or coming up with false information to lure hackers down dead ends and away from organization's critical information, he explained.

Juniper Networks for one, was in talks with India's government and CIOs of top companies adopt its deception-based cybersecurity system.

Other than in India, the technology, called Intrusion Deception software, has already been adopted by many private and government organizations worldwide, according to David Koretz, vice president and general manager of Mykonos Software, which Juniper Networks had bought for US$80 million in February last year.

"In real life, almost every government has a traditional military defense like Army, Air Force and Navy, but there is also a secretive, deceptive group of spies and undercover organizations thwarting attacks before they are ever launched. The same goes for enterprises and the cyberworld."


-David Koretz, vice president and general manager of Mykonos Software, Juniper Networks

The Intrusion Deception software is designed to identify and thwart attackers before they attack by inserting fake codes and files throughout a Web site, so attackers are detected earlier with greater accuracy, Koretz explained.

"In real life, almost every government has a traditional military defense like Army, Air Force and Navy, but there is also a secretive, deceptive group of spies and undercover organizations thwarting attacks before they are ever launched," Koretz said. "The same goes for enterprises and the cyberworld."

Start with a low-interaction honeypot, before combining strategies
Moving forward, Steinberg expects more sophisticated active defense methods to be adopted by organizations and the move away from honeypots. Honeypots are merely "bait", but enterprises today want to feel like they are able to fight back against hackers instead of passively defending themselves, he said.

Chan also advised that for companies starting to deploy active defense,
they can start with low-interaction honeypots, such as a facade, which is a lightweight form of honeypot and most often implemented as a software emulation of a target service or application.

Such honeypots are easy to deploy and maintain, especially for small businesses and individuals who want to secure their secretive data, he said.

In order for companies to effectively adopt active defenses, they should combine the use of both "the bait and the strategy", Steinberg pointed out. Both honeypots, new technologies to mislead hackers and new strategies should be used together for a complete strategy, he explained.

Topics: Security, Tech Industry

About

Elly grew up on the adrenaline of crime fiction and it spurred her interest in cybercrime, privacy and the terror on the dark side of IT. At ZDNet Asia, she has made it her mission to warn readers of upcoming security threats, while also covering other tech issues.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.