Deception technologies, touted as an advanced method to detect attackers within a network, are facing questions about their maturity and capabilities. During a discussion at Infosecurity Europe, cybersecurity expert Debi Ashenden emphasized that deception technologies are still relatively immature. These technologies, which have evolved from the concept of honeypots, are on the verge of maturing, but the lack of good use cases and reference customers willing to share their experiences remains a challenge.
Gonzalo Cuatrecasas, the CISO of Axel Johnson International, a Nordic industrial manufacturer, highlighted the importance of technology being mature enough to fulfill its intended purpose. Embracing immature technologies can lead to a situation where organizations become stuck, unable to effectively address security concerns.
Lewis Woodcock, Senior Director of cyber operations for shipping company A.P. Møller – Mærsk, raised concerns about customers fully understanding their underlying goals when implementing deception technologies. Woodcock cautioned against treating deception technology as just another trendy solution without considering the specific objectives an organization aims to achieve.
Ashenden pointed out that deception technology can be highly resource-intensive and many CISOs fail to grasp the necessity of implementing it. Additionally, Woodcock questioned how organizations would respond once deception technology is activated and an attacker is detected. The lack of preparedness and absence of action plans within organizations pose further challenges to effectively managing these technologies.
There is also uncertainty regarding the optimal deployment of deception technologies within networks or Security Operations Centers (SOCs). Ashenden stressed the need for further research to determine how this emerging technology fits into the overall cybersecurity portfolio. Cuatrecasas advised deception technology users to be prepared to make decisions based on the unexpected findings, as they may encounter threats previously unknown to them.
In terms of implementation tips, Woodcock suggested that having familiarity and experience with threat intelligence can simplify the rollout and management of deception technologies. He also recommended creating an environment that appears real to attackers, giving the impression that the network is tightly secured except for one vulnerable server. This tactic can provide insight into how adversaries perceive the network and allow organizations to plan effective responses.
Ashenden emphasized the importance of discussing the goals and benefits of deception technology with senior management. Garnering strong support and understanding from the wider organization, along with a well-articulated business rationale, are essential for successful adoption and usage.
In conclusion, deception technologies are still in the early stages of development, leaving security leaders questioning their maturity and capabilities. As organizations consider implementing these technologies, they must carefully evaluate their objectives, the potential resource requirements, and how best to integrate them into their cybersecurity strategies. Further research and real-world use cases are needed to build confidence in deception technologies and maximize their effectiveness in combating cyber threats.