“Amazon Firestick” is to “VCR”, as “Deception” is to _________

Complete the Analogy:

“Amazon Firestick” is to “VCR”, as “Deception” is to _________.

Correct Answer: “Honeypot”

Remember your SAT or ACT exams with the analogy questions?

If so, you probably got this one right. For those of us old enough to remember, Video Cassette Recorders were used to record TV programs. At least on a good day that is, because a lot of things had to come together: You had to have the program schedule and channel right, make sure the tape was in the correct place and the record tab present, check the cables, and worst of all, set the recording parameters correctly. Compare that with a Firestick, to which you can just say “Play Game of Thrones!” and you’re in business. Roughly the same goal, but a whole lot easier and more reliable.

Modern Deception solutions are analogous to the Firestick as compared to the VCR

When compared with honeypots, modern Deception solutions are analogous to the Firestick as compared to the VCR. They both can detect adversaries, retard their attack, and provide intelligence on the attacker’s techniques and motives. But trying to operationalize honeypots at scale is extremely difficult, and even if you can pull it off, it’ll cost you a fortune in staff time, time that could be much better used.

Deception solutions on the other hand take care of the hard work:

  • Creation and distribution of assets (decoys, breadcrumbs, lures)
  • Ongoing matching of asset profiles with production environment
  • Collection and presentation of telemetry and indicators of compromise
  • Cost-effective deployment at scale

Advanced Deception solutions are dynamic

Crucially, advanced Deception solutions are dynamic. That is, they continuously modify the attributes of the deception assets based on changes observed in the production environment, so that they stay credible in the eyes of an adversary. Trying to do that by hand is virtually impossible, and it’s crucial because these days IT environments are always changing.

Implementing a proper Deception offering frees up staff to work on what they should be working on: evaluating high-fidelity events, incident response, threat hunting, policy, and so on. So the next time you’re asked to explain the difference between Deception and honeypots, just ask them if they remember taking their SATs, and it should be an easy conversation!