Proactive defense in cyber security is difficult to achieve. Nettitude’s research team investigated deception technologies to gain further insight into how they could be used to proactively protect an enterprise-level environment. Its findings show that deception technologies are still immature. More effort needs to be invested in designing and engineering systems that can gather information in this area of research, which can later be transformed into actionable intelligence.
The following observations were made during the research period:
1. Overall, deception technologies are poorly deployed. It is also reasonably simple to identify them as deception technology.
2. The deceptive elements of current deception technologies are weak. The exposed elements of deception technologies are weak and too repetitive.
3. Most attacks on the Internet are NOT sophisticated.
4. The quality of generic intelligence gathered by open source platforms is questionable and likely to create noise in security operation center environments.
5. Deception platforms normally only capture the first stages of attacks.
6. More mature deception technologies are needed to capture second and third stage malware.
7. The attention is focused on the volume rather than the quality.
8. Despite the current standard of deception technologies, many attacks are still observed and reported. This translates to many automated attacks looking for the path of least resistance.
9. Most deception technologies exposed directory browsing to the attacker as a sign of a vulnerable system. This led us to question whether espionage is the main concern of companies.
10. We believe four government institutions are utilizing deception technologies within their infrastructure (Japan, Iran, Thailand and Cambodia).