Let’s get something out of the way before we start: deception isn’t an active blocking technology. It’s not going to stop attackers from breaking into your network, and it sure isn’t going to proactively stop attacks from occurring. With that being said, you need it, maybe more than ever. Why is that? Because your defenses aren’t working, and using deception in your network gives you the best opportunity to control the damage post-breach. With deception, you write the rules and lay traps for attackers as they actively scour your network for your data. It’s much harder to bypass deceptive technology when the decoys mimic genuine data or systems. The bad guys only have to mess up once and the trap is sprung.
We see attackers use deception all the time: spoofing, stolen accounts, phishing, and rootkits, to name a few. So why aren’t we using similar tactics to confuse them and misdirect them away from our data? There are many different types of deception, but this article focuses on data deception. To lay a trap for an attacker using deception in your data, you must first understand your data. The first rule of deception is laying a trap that looks real. If the decoys don’t look genuine, you’re not fooling anyone, and you will spook experienced attackers into hiding deeper in your network. If you’re using deception to protect data, you need to ask yourself these three questions before laying decoys: