“Security deception” is a relatively new term for an old idea in the security industry: tricking attackers into thinking they’ve accessed something restricted or important so that the defenders can monitor their behavior. Other, older technologies like sandboxing and honeypots do the same thing in different ways, so the terms can get muddled together. WatchGuard Sr. Security Analyst Marc Laliberte recently wrote a guest article for Dark Reading explaining the differences between these three technologies and the ideal use case for each. Here’s a summary of Marc’s main points:
Sandboxing allows malware to run in a secure environment so that researchers can analyze what it does. Many antivirus products also use sandboxing to determine if suspicious files are malicious, which is important because modern malware is frequently obfuscated to disguise itself from signature-based anti-malware products.
Honeypots are intentionally vulnerable, “fake” systems designed to welcome attackers in so that researchers and analysts can observe their techniques and behaviors. The researchers can then apply what they learned to better defend the real network. Most businesses will benefit from a honeypot, but honeypots require significant security expertise to set up and maintain.
Security deception is a newer term, reserved for advanced honeypots that use more automated methods of deployment, detection, and defense. This technology is still available primarily in niche products at the moment, but over the next several years we will see it gain wider adoption within the market. Here’s an excerpt from Marc’s article explaining the use case of security deception products in more detail:
“At present, these tools are particularly relevant for high-profile targets such as government facilities, financial institutions, and research firms. Organizations still need a security analyst to parse the data from security deception tools, so smaller companies without specialized security staff typically wouldn’t be able to tap into the benefits. That said, SMBs can benefit from contracting with security vendors that offer analysis and protection as a service.”
Read the full article on Dark Reading and learn more about each of these important security tools and their ideal use cases. To learn more about some of the kinds of attacks that these solutions can prevent, check out more of our blog posts here on Secplicity.