Achieving zero false positives with intelligent deception [source: helpnetsecurity]
Cyber attacks are not single events. When attackers compromise an asset, they don’t know which asset is infected. They must determine where they are in the network, the network structure and where they can find valuable information. That means attackers carefully try to find out as much as possible about the organization. This is precisely the behavior that intelligent deception technology can exploit in order to thwart attackers and protect organizations.
Breadcrumbs are clues for a potential attacker that an intelligent deception platform intentionally leaves behind on organizational systems. These clues create a false trail that lead attackers to decoys and traps that catch them while protecting real assets. However, in order for breadcrumbs to be effective, they must look and feel like real information and credentials to an attacker and create a persuasive false trail back to deception decoys and traps.
There are four kinds of breadcrumbs that can combine to thwart an attacker as they seek evidence of credential and connection that they require to complete their mission of theft and destruction. These are:
- Credential and Active Directory breadcrumbs
- File and data breadcrumbs
- Network breadcrumbs
- Application breadcrumbs.
For more, click here.