Using Deception for Early and Efficient Threat Detection
- LANGUAGE: English
- DATE: Wednesday, October 28, 2020
- TIME: 3:00pm CET, 10:00am EDT, 7:00pm PDT

Most organizations are benefiting from the scalability, flexibility, and convenience of modern cloud services and new, highly distributed hybrid corporate networks. Unfortunately, many have also learned the hard way that these systems and the assets they contain remain prone to cyberattacks and other security risks.
To combat modern cyber threats, organizations have invested in more and more tools focused on threat detection leveraging big data analytics and user behavior modeling―generating massive waves of alerts, which too often turn out to be false positives. Analysts spend too much time chasing benign behavior and consequently, real attacks are slipping through. Behavioral and activity-based detection solutions powered by machine learning are still probabilistic in nature, requiring cycles of manual effort to truly track down and confirm if a threat is present. More deterministic approaches are required to quickly find and respond to real threats effectively in real-time.
Distributed deception platforms offer an interesting alternative approach. By deploying deceptive network artifacts designed to authentically mimic real resources, e.g. domain credentials, within a data center or cloud environment that hackers seek to find and leverage as a means to facilitate their attack, these solutions fool attackers into engagement―triggering identification of their presence. The use of deception platforms helps organizations detect and contain cyberattacks sooner in the attack process―regardless of established patterns of user activity baselines.
Because these solutions alert only on attacker interactions with a deceptive asset, not mere deviations from a “normal behavior profile”, the high fidelity nature of these alerts helps Incident Response teams take immediate steps to stop the threat armed with detailed forensic intelligence collected in real-time from the attacker’s specific actions.
Join this webinar to discuss:
- the challenges of behavior threat detection technologies and how to deal with them
- the benefits of a more deterministic approach based on threat deception
- improving the efficiency of your existing security operations center
- best practices for deploying modern distributed deception solutions
Alexei Balaganski, Lead Analyst at KuppingerCole, will talk about the evolution of threat detection technologies, challenges modern digital enterprises are facing, and approaches to overcome them.
He will be joined by Wolfgang Halbartschlager, Sales Engineer EMEA at Illusive Networks, who will present a deeper technical overview of threat deception technology and will talk about practical issues of adding such solutions to your existing security infrastructure.
Totseret Ha-Arets St. 7 • 6789104 Tel Aviv-Yafo • Israel
Illusive continuously discovers and automatically mitigates privileged identity risks that are exploited in all ransomware and other cyberattacks. Despite best-practice investments to protect identities, including deployment of PAM and MFA, 1 in 6 enterprise endpoints holds exploitable identity risks.
Illusive makes it easy for security teams to get visibility into the vulnerable identities sprawled across an organization’s endpoints and servers, then eliminate them or deploy deception-based detection techniques as a compensating control to stop attackers. Illusive has participated in over 140 red team exercises and has never lost one!
Founded by nation state attackers, Illusive’s technology is trusted by large global financials, retailers, services organizations, and pharmaceuticals.
Today’s IT environments blend applications and services from multiple public cloud networks, private clouds and on-prem networks, making it difficult to view and inventory assets deployed across complex hybrid networks, and keep track of the security risks. Organizations need to find a way to improve visibility, identify and prioritize risks, and maintain cyber resiliency.