Within active defense strategies, honeypots are the most widely used tactic, but enterprises are now moving toward other technologies such as using fake data to deceive cybercriminals.
According to Joseph Steinberg, CEO of Green Armor Solutions, major financial institutions and large firms in other industries have been using honeypots for years. Even small businesses and individuals with sensitive data to defend have been using them, Steinberg pointed out.
This is because the financial sector has always been a favorite target for hackers and will more likely be able to adopt active defense strategies, Eric Chan, regional technical director of Fortinet Southeast Asia and Hong Kong, explained. They also have high IT security budgets and are risk-averse, so they will be likely to consider them, he said.
Move toward strategy, newer technologies
However, among the enterprises that have the resources to dedicate to robust and complex defenses, there is a gradual move from honeypots to using more sophisticated active defense methods, Steinberg noted.
Such methods include developing new technologies that mislead hackers, or coming up with false information to lure hackers down dead ends and away from organization's critical information, he explained.
Juniper Networks for one, was in talks with India's government and CIOs of top companies adopt its deception-based cybersecurity system.
Other than in India, the technology, called Intrusion Deception software, has already been adopted by many private and government organizations worldwide, according to David Koretz, vice president and general manager of Mykonos Software, which Juniper Networks had bought for US$80 million in February last year.
"In real life, almost every government has a traditional military defense like Army, Air Force and Navy, but there is also a secretive, deceptive group of spies and undercover organizations thwarting attacks before they are ever launched. The same goes for enterprises and the cyberworld."
-David Koretz, vice president and general manager of Mykonos Software, Juniper Networks
The Intrusion Deception software is designed to identify and thwart attackers before they attack by inserting fake codes and files throughout a Web site, so attackers are detected earlier with greater accuracy, Koretz explained.
"In real life, almost every government has a traditional military defense like Army, Air Force and Navy, but there is also a secretive, deceptive group of spies and undercover organizations thwarting attacks before they are ever launched," Koretz said. "The same goes for enterprises and the cyberworld."
Start with a low-interaction honeypot, before combining strategies
Moving forward, Steinberg expects more sophisticated active defense methods to be adopted by organizations and the move away from honeypots. Honeypots are merely "bait", but enterprises today want to feel like they are able to fight back against hackers instead of passively defending themselves, he said.
Chan also advised that for companies starting to deploy active defense,
they can start with low-interaction honeypots, such as a facade, which is a lightweight form of honeypot and most often implemented as a software emulation of a target service or application.
Such honeypots are easy to deploy and maintain, especially for small businesses and individuals who want to secure their secretive data, he said.
In order for companies to effectively adopt active defenses, they should combine the use of both "the bait and the strategy", Steinberg pointed out. Both honeypots, new technologies to mislead hackers and new strategies should be used together for a complete strategy, he explained.