{"id":234,"date":"2016-07-28T03:14:03","date_gmt":"2016-07-28T10:14:03","guid":{"rendered":"https:\/\/www.acalvio.com\/?p=234"},"modified":"2016-07-28T03:14:03","modified_gmt":"2016-07-28T10:14:03","slug":"why-deception-is-necessary-for-cyber-security","status":"publish","type":"post","link":"https:\/\/acalvio.p2staging.us\/index.php\/2016\/07\/28\/why-deception-is-necessary-for-cyber-security\/","title":{"rendered":"Why deception is necessary for cyber security"},"content":{"rendered":"<div class=\"section post-body\">\nWhen I joined Acalvio as a stealth deception startup, one of the most commonly asked questions from my co-workers and friends started like this: okay tell us why deception was so important that you&#8217;d move away from DNS security &#8211; a subject you have enjoyed working on for such a long time (measured in the digital age).<br \/>\n<img loading=\"lazy\" class=\"size-full wp-image-238 alignleft\" src=\"\/wp-content\/uploads\/2016\/07\/image11.png\" alt=\"image11\" width=\"194\" height=\"238\" \/>You may not know what the acronym DNS stands for but surely you&#8217;ve touched it if you ever browse the Internet or send emails. DNS provides a simple service translating user-friendly domain names such as <i>acalvio.com<\/i> to daunting numerical IP addresses like <i>52.53.247.197<\/i> understood by your computer and the Internet. Unless you are a number nerd, it&#8217;s almost impossible to correctly remember dozens or even just a few websites&#8217; IP addresses you&#8217;d visit on a daily basis, e.g. 74.125.21.100, 173.252.90.36, or 171.159.228.150. For your reference, the corresponding websites are shown at the end of the blog.<br \/>\nWhile preparing my talk on &#8220;Dark Side of the DNS Force&#8221; for the coming Blackhat conference (reference), I revisited\/analyzed some high-profile cyber attacks and found many of those so-called sophisticated threats were actually triggered by simple abuses (aka. 
innovative use from the dark side) of networking protocols or misconfigurations. And yet the consequences and impacts of such seemingly tiny abuses could be catastrophic and profound for Internet stability and our daily lives. In the cyber space, it&#8217;s a sad truth that the dark side has repeatedly won the battles despite the talents, resources, and our best efforts put behind today&#8217;s security products\/technologies\/solutions.<br \/>\nSo what&#8217;s wrong with our cyber security? There are many possible reasons, ranging from the software complexity to attacker&#8217;s motivation\/capability. Although they are all valid rationales, one critical aspect that is often overlooked is the nature of asymmetric warfare between the dark side attackers and us: any glitch in our cyber security defense theories\/practices is a winning amplifiable opportunity for the dark side, while there is no extra penalty or risk associated with dark side missteps\/errors. The attackers from the dark side can continue &#8220;trial and error&#8221; until succeeding in their missions. This cyber security asymmetric warfare is due to the fact that the Internet was originally built on top of a &#8220;trusted&#8221; model in which all the participants were considered to be collaborative with good intent, and all the digital assets, whether owned by individuals, enterprises, or governments, should be genuine and real. The dark side exploits the &#8220;trusted&#8221; model to the extreme as there is no need for them to worry about whether the data they stole is authentic or the free DNS service they are using is a trap.<br \/>\nNext generation cyber deception technology will be a key component of our arsenal to help rebalance this asymmetric warfare situation by raising the cost and risks for dark side attacks: no more free rides of the &#8220;trusted&#8221; Internet. 
With next generation deception, for example, an open DNS resolver being used to launch large-scale DDoS attacks may become a monitored decoy server operated by the security research community or a law enforcement agency; a government employment database may be just a set of fake honey data. By leveraging next generation deception technologies, we can provide quick, accurate detection of malicious attacks from the dark side, and enable appropriate swift responses to contain\/remediate the threats.<br \/>\nNext generation deception differs from traditional honeypots in many respects by addressing the following hard problems:<br \/>\n-Deception sensors will not disclose themselves and are hard for the dark side to detect\/fingerprint;<br \/>\n-The combination of low- and high-interaction deception sensors\/servers will enable scalable deployment in terms of volume, variety, and capability;<br \/>\n-Seamless integration with the existing\/future perimeter-based security products\/solutions will support better threat info gathering, processing, and response.<br \/>\nNow you can guess what&#8217;d be my answer to my co-workers\/friends: deception is a true necessity for cyber security. You may find more insights about the next generation deception technologies we are working with at Acalvio from other blogs (references) written by my colleagues. 
I also plan to continue my discussions on a few more topics such as active deception in the near future.<br \/>\nStay tuned and thanks.<br \/>\nThe IP address list of popular websites cited in the blog.<br \/>\n52.53.247.197: acalvio.com<br \/>\n74.125.21.100: google.com<br \/>\n173.252.90.36: facebook.com<br \/>\n171.159.228.150: bankofamerica.com<br \/>\nDS.<br \/>\n&#8212;&#8212;&#8212;&#8212;<br \/>\n<span id=\"hs_cos_wrapper_post_body\" class=\"hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_rich_text\" data-hs-cos-general-type=\"meta_field\" data-hs-cos-type=\"rich_text\">Erik joined Acalvio as our VP for Security Research. Prior to his new endeavor, he built an Internet-scale platform\/service for emerging threats collection, analysis, and enforcement at Nominum. Erik brings many years&#8217; experience in the cyber security industry including chief scientist at Damballa, principal scientist at McAfee, and head of advanced threats research at Trend Micro.<\/span>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>When I joined Acalvio as a stealth deception startup, one of the most commonly asked questions from my co-workers and friends started like this: okay tell us why deception was so important that you&#8217;d move away from DNS security &#8211; a subject you have enjoyed working on for such a long time (measured in the 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":238,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[12],"tags":[],"_links":{"self":[{"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/posts\/234"}],"collection":[{"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/comments?post=234"}],"version-history":[{"count":0,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/posts\/234\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/media\/238"}],"wp:attachment":[{"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/media?parent=234"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/categories?post=234"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/tags?post=234"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}