\u00a0<\/span><\/h3>\nThe use of Deceptive on an IS can have several objectives:\u00a0<\/span>\u00a0<\/span><\/p>\n\n- \u00a0<\/span>Detect <\/span><\/b>an intrusion\u00a0<\/span>\u00a0<\/span><\/li>\n
- \u00a0Distract <\/span><\/b>the attacker\u00a0<\/span>\u00a0<\/span><\/li>\n
- \u00a0Analyze <\/span><\/b>the techniques used in the attack<\/span>\u00a0<\/span><\/li>\n<\/ul>\n
![\"\"](\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/01\/1-1.jpg\")
<\/span><\/p>\n\u00a0<\/span><\/p>\nThis technology can be used at different levels of maturity, depending on the needs identified<\/strong>.\u00a0\u00a0<\/span>\u00a0<\/span><\/p>\nThe<\/span> technology can be used to meet many of the needs mentioned above, but the key is to determine our requirements for this technology in advance. If we restrict the need<\/span>s for<\/span> detection, it should be noted that the configuration, deployment and maintenance of Deceptive will be far less complex than if we push the possibilities of this technology to the maximum (e.g. setting up complex scenarios to lure the attacker and strategic analysis of his actions).<\/span><\/p>\n\u00a0<\/p>\n
The benefits of Deceptive<\/span>\u00a0<\/span><\/h3>\nWhy Deceptive\u202f?<\/span>\u00a0<\/span><\/h4>\nAs discussed in the introduction, today’s cybersecurity challenges are fueled by the need to detect and react to growing attacks.\u00a0<\/span>\u00a0<\/span><\/p>\nDeceptive does not replace existing standard cybersecurity solutions<\/strong>. <\/span>Being a <\/span>m<\/span>ore complex<\/span> tool<\/span>, it acts as a complement<\/strong> to cover all types of attack<\/strong>, including the most sophisticated.\u00a0<\/span>\u00a0<\/span><\/p>\nThis technology is not designed to prevent an attack<\/strong>, but to alert security teams, minimize the effect<\/span>s<\/span> of the attack and observe the intruder’s modus operandi (“Detect, Distract & Analyze”).<\/span>\u00a0<\/span><\/p>\nHoneypot VS Honeytoken<\/span>\u00a0<\/span><\/h4>\nPresentation of concepts<\/span><\/i>\u00a0<\/span><\/h5>\nD<\/span>epending on the need<\/span>s<\/span> and how they are to be used<\/span>, different type<\/span>s<\/span> of decoys <\/span>exist<\/span>. <\/span>Whatever the case<\/span>, they take on the appearance of attributes that make up our Information System.\u00a0<\/span>\u00a0<\/span><\/p>\nThe best-known decoys are “honeypots”.<\/strong> These are servers or workstations that imitate real machines on the network. There’s also what’s known as a “honeynet”: a network of servers.\u00a0\u00a0<\/span>\u00a0<\/span><\/p>\nAnother type of decoy is of growing <\/span>in popularity<\/span>. This is a decoy that hides directly on a system. These are generally represented by documents or other files whose role is to trigger an alert when someone comes to interact with them. Finally, we have “honeytokens”,<\/strong> which are data, information, often secrets or keys used to access a dummy resource on the IS (a honeypot, for example).<\/span>\u00a0<\/span><\/p>\nA fundamental difference<\/span><\/i>\u00a0<\/span><\/h5>\nTraditionally, <\/span>honeypots<\/span><\/b> enable <\/span>the <\/span>observation and understanding of <\/span><\/b>an <\/span><\/b>attacker’s actions<\/span><\/b>,<\/span> as well as<\/span> detecting an intrusion. The difficulty in this case is to configure a decoy that is attractive and credible enough for the <\/span>attacker to fall into the trap, without delivering information that could compromise a component of our real infrastructure.\u00a0<\/span>\u00a0<\/span><\/p>\nHowever, <\/span>honeytokens<\/span><\/b> can be more complex and enable the creation of <\/span>a <\/span>finer and more credible decoy. <\/span><\/b>Without honeytokens, the probability of trapping an attacker is lower, and analysis results are not always reliable. The honeytoken’s dependence on its environment makes it <\/span>more<\/span> attractive <\/span>in comparison to <\/span>a honeypot<\/span>, which represents no more than a trap with no possibility of subsequent escalation. For honeypots to be effective, we recommend deploying one or more complete honeynets,<\/span> however it i<\/span>s important to consider the\u00a0<\/span>cost of such an infrastructure.\u00a0<\/span>\u00a0<\/span><\/p>\nCloud technology development<\/span>\u00a0<\/span><\/h4>\nToday, the challenge for the most mature <\/span>Deceptive<\/span><\/b> solution vendors is to develop specific services in the <\/span>Cloud<\/span><\/b>.\u00a0<\/span>\u00a0<\/span><\/p>\nIndeed, companies are increasingly using the Cloud to <\/span>extend their storage, deploy virtual machines<\/span><\/b>, containers and so on. <\/span>This provision of services is very popular and effective, but at the same time, the interest of cyber-attackers is growing. Templates, or default configurations, make life easier for businesses, but can increase cybersecurity risks. Even though many Cloud providers are making great strides in this area, default configurations don’t always comply with IT security guidelines.\u00a0<\/span>\u00a0<\/span><\/p>\nThe Cloud is therefore a new playground for cyber-attackers. That’s why we’re focusing today on adapting our knowledge of Deceptive to <\/span>protect Cloud environments and services too<\/span><\/b>.\u00a0<\/span>\u00a0<\/span><\/p>\n\u00a0<\/p>\n
Overview of the main publishers on the market<\/span>\u00a0<\/span><\/h2>\nIt’s important to note that <\/span>Deceptive<\/span><\/b> is not reserved for overly complex applications. There are <\/span>all kinds of offers on the market<\/span><\/b>. Some <\/span>companies <\/span>offer services that enable you to obtain a complete <\/span>off-the-shelf<\/span> tool<\/span>