Deception Technologies: Immature State Raises Questions about Maturity and Capabilities
The Current State of Deception Technologies
In a recent discussion at Infosecurity Europe, cybersecurity experts weighed in on the maturity and capabilities of deception technologies. Debi Ashenden, a professor in cybersecurity from Adelaide University, described these technologies as relatively immature, suggesting that they have emerged from the concept of honeypots but lack good use cases or reference customers to validate their effectiveness. Gonzalo Cuatrecasas, the CISO of Nordic industrial manufacturer Axel Johnson International, emphasized the importance of maturity in technology, stating that it must be capable enough to perform its intended job; otherwise, it remains a halfway technology that fails to address security concerns effectively. Lewis Woodcock, senior director of cyber operations for shipping concern A.P. Møller – Mærsk, added that customers must fully understand their underlying goals before embracing deception technology, cautioning against blindly following the latest cool trend without considering the desired outcomes.
The Resource-Intensive Nature of Deception Technology
According to Ashenden, deception technology can be resource-intensive, which many CISOs fail to consider when determining its necessity. Woodcock raised questions about how organizations would develop and execute an action plan once they activate deception technology against an attacker. Addressing potential threats and managing the aftermath requires significant preparedness, an aspect that many organizations might not be adequately equipped to handle.
Deployment and Fit within the Cybersecurity Portfolio
Ashenden also highlighted the challenge of deploying deception technology within the network or Security Operations Center (SOC) and called for further exploration to determine where this emerging technology fits into the overall cybersecurity portfolio. Cuatrecasas emphasized the need for users of deception technology to be prepared to make decisions based on what they discover, as they might encounter entirely unknown threats during the process.
Advice for Implementing Deception Technologies
Familiarity with Threat Intelligence and Realistic Environments
Woodcock offered implementation tips for deception technology, suggesting that familiarity and experience with threat intelligence could simplify rollout and management. Furthermore, he recommended creating an environment that appears authentic to potential attackers, with a seemingly locked-down network but a single server left vulnerable. This approach helps deceive attackers and provides organizations with valuable insight into their tactics and intentions.
Effective Communication and a Strong Business Rationale
Ashenden advised initiating discussions with senior management to clearly articulate what the technology aims to achieve and how it benefits the wider organization. It is crucial to present a strong business rationale for investing in and utilizing deception technology.
Editorial: Balancing Expectations and Practicality
While deception technologies hold promise as a potential solution for detecting attackers within networks, it is essential to carefully evaluate their maturity and capabilities. The concerns raised by experts at Infosecurity Europe highlight the need for organizations to strike a balance between embracing cutting-edge technologies and ensuring their practicality and effectiveness. Adopting these technologies without fully understanding their purpose and potential implications can lead to wasted resources and potentially compromised security.
The Philosophical Debate: Deception and Ethical Boundaries
Beyond the technical aspects, the emergence of deception technologies sparks a philosophical debate surrounding the boundaries of ethical cybersecurity practices. Deception involves creating a false reality to trick attackers, which raises questions about the tactics organizations are willing to employ in pursuit of securing their networks. As cybersecurity evolves, it is crucial to consider the ethical implications of deception technologies and ensure they align with organizational values and principles.
Conclusion
While deception technologies may offer an alternative method for detecting attackers within networks, their maturity and effectiveness are still in question. As organizations explore these technologies, they must carefully evaluate their resource-intensive nature, deployment challenges, and fit within the cybersecurity portfolio. By considering implementation tips such as leveraging threat intelligence and creating realistic environments, organizations can effectively mitigate risks. Additionally, open communication with senior management and a strong business rationale can help ensure alignment with organizational goals. However, it is essential to strike a balance between adopting cutting-edge technologies and maintaining practicality, while also considering the ethical boundaries of deceptive practices in cybersecurity.