Tuesday, 15 September 2015

Deception May Be the Best Way to Catch Cybercriminals

Gotcha! That is the goal behind an increasingly popular cybersecurity tactic in financial services that relies on deception to lure hackers into a fake network component, server or database to study their behavior and — ideally — to shut them down.

Large banks and credit unions are interested in the technology and are starting to use it, software vendors and other experts say.

“For banks and credit unions it makes sense to have … an early-stage heads-up that you have been hacked and can get your incident-response team going on it immediately,” said Stu Sjouwerman, founder and chief executive of the security-consulting firm KnowBe4.

Banks appreciate the technology as they are constantly under threat, said Tushar Kothari, the CEO of Attivo Networks, who says five of the top ten U.S. banks use his company’s software. “Most banks are now keen on beefing up security; if malware gets through the perimeter, they want to quarantine and neutralize that threat as soon as possible.”

It feels counterintuitive: if attackers have broken into a network, wouldn’t banks want to destroy them, rather than fool them into thinking they have hit pay dirt?

There are a few reasons why deception makes sense.

First, the software is actually a last-resort measure. It is the Plan B — a network has been accessed, a data breach has occurred, and the targeted bank wants to figure out who the intruders are and to share information about them among its staff members and with other institutions. It is a way for the bank to know right away that it is the victim of a data breach, rather than six months later, as often happens.

Second, quarantining hackers in a “deception environment” can drain their resources until they eventually figure out that they have been duped.

“Today we use a sledgehammer — we detect you and you’re blocked,” explained Lawrence Pingree, research director at information-technology consultant Gartner. “You know for darned sure you’ve been detected. If we start to deceive you, we can make you spin your wheels and that’s an economic burden.”

Third, banks can learn a lot about the attackers and their tools and methods, to block future incursions. “You have to get the detail of their entire attack to be able to nab them in the future,” Pingree said. “This doesn’t mean we allow them to breach our data. It means that when we detect them, we start to deceive them, isolate them from real systems and we watch them.”

Evolution of ‘Honeypots’

Deception has long been part of the art of war. During World War II, the U.S. and British armies set up fake camps to convince the Germans that they were in one spot when they were actually heading to an attack elsewhere, tricking the enemy into preparing for the wrong attack.

In modern times, the Defense Department has used so-called honeypots to try to catch cybercriminals. The word honeypot comes from the days when farmers would put honey out to lure bears that were killing their livestock, and wait in a blind to shoot them. Honeypot software creates a fake system that sits on a network and exposes emulated or real services to the attacker.

View the original content and more from this author here: http://ift.tt/1KOYJpR