Deception in depth mindset: How to capture an APT

Tuesday 26 November, 2:30 pm - 2:50 pm

Speakers

Brent Muir

vCISO / Principal Consultant
Mandiant, Google Cloud

Synopsis

In this session you will learn how to design, build, and implement a deception strategy mapped to the MITRE Engage framework and to the adversaries targeting your business. Deception in Depth refers to the layered deployment of multiple deceptive tactics, which assists not only in detecting and disrupting APT threat groups but also in identifying insider threats. Deploying a deception capability mapped to your adversaries helps ensure that your environment is resilient to the latest cyber threats.

This session will demystify the misconceptions about deception and introduce the Engage framework, providing detailed guidance on how to implement deception strategies and tactics without having to spend money on additional technology or products.

Adversaries are continuously updating their tactics, techniques and procedures (TTPs), meaning traditional detection capabilities are often unable to expose advanced threats operating within an organisation's environment. By deploying a deception strategy, an organisation can achieve the following benefits:

Early Detection of Threats: Deception technology creates decoy systems, accounts and data that mimic the real network. An attacker moving through the environment who touches a decoy triggers an alert, giving security teams early warning, often before the attacker reaches production assets or causes damage.

Increased Situational Awareness: Deception technology can help security teams gain a better understanding of how attackers behave and what their objectives are. By analysing the tactics, techniques, and procedures (TTPs) of attackers, security teams can gain insights into their motives and develop effective countermeasures.

Reduced False Positives: Deception technology can reduce the number of false positives that security teams have to deal with. Because the decoys serve no legitimate purpose, any activity involving them is most likely malicious; the practical caveat is that legitimate sources of noise, such as vulnerability scanners, backup jobs and inventory tools, must be kept away from the decoys, or explicitly excluded, so that the alerts stay high fidelity.

Enhanced Incident Response: Deception technology can improve incident response times by providing security teams with real-time alerts about attacks. This can help them take swift action to contain and mitigate the attack before it can cause any damage.

Cost-Effective: Deception technology can be a cost-effective way to enhance security. It can be used in combination with other security technologies to provide an additional layer of defence without the need for expensive hardware or software.

By coupling adversarial threat modeling with an organisation's knowledge of its crown jewel assets and data repositories (e.g. via a Crown Jewel Assessment or detailed asset inventories), a tailored deception strategy can be designed. This looks at building strategies for the Detection, Direction, and Disruption of the adversaries targeting an organisation. These deception tactics can often be deployed without an organisation having to spend any money, by leveraging the technology stack already present in the organisation.

During the session I will discuss various deception tactics, such as Lures, Personas and Pocket Litter, and then demonstrate how to create fake deception accounts and inject their credentials into memory, where they will only be seen if a threat actor dumps the RAM of a system, meaning the chance of false positive alerts is limited.
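The following is an added example of the in-memory honey credential technique described above; it is not code from the talk or from the speaker. It assumes a hypothetical domain CORP and a hypothetical honey account svc_backup_adm that exists in Active Directory with no privileges and with a real password that differs from the fake one seeded here (if the account does not exist at all, the domain controller still logs a 4768 for it, so detection works either way). The seeding half must run on a domain-joined Windows host; the detection half queries the Security log on a domain controller with Kerberos and logon auditing enabled. It uses only built-in Windows and PowerShell functionality, in keeping with the talk's "no new products" approach.

```powershell
# Added example (not from the talk). Seeds a fake credential into LSASS so it
# only surfaces to an attacker who dumps memory, then queries the Security log
# for any attempt to use it.
# Assumptions (hypothetical): domain CORP, honey account svc_backup_adm, and a
# password that is NOT the account's real password.

$HoneyDomain   = 'CORP'
$HoneyUser     = 'svc_backup_adm'
$HoneyPassword = 'Backups2019!'   # fake; the account's real password differs

# P/Invoke CreateProcessWithLogonW with LOGON_NETCREDENTIALS_ONLY, the same flag
# "runas /netonly" uses: the password is not validated against the DC, so the
# bogus credential is simply cached in LSASS for the new logon session.
if (-not ('HoneyCred' -as [type])) {
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public class HoneyCred {
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    public struct STARTUPINFO {
        public int cb; public string lpReserved; public string lpDesktop; public string lpTitle;
        public int dwX; public int dwY; public int dwXSize; public int dwYSize;
        public int dwXCountChars; public int dwYCountChars; public int dwFillAttribute;
        public int dwFlags; public short wShowWindow; public short cbReserved2;
        public IntPtr lpReserved2; public IntPtr hStdInput; public IntPtr hStdOutput; public IntPtr hStdError;
    }
    [StructLayout(LayoutKind.Sequential)]
    public struct PROCESS_INFORMATION {
        public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId;
    }
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    public static extern bool CreateProcessWithLogonW(
        string lpUsername, string lpDomain, string lpPassword, uint dwLogonFlags,
        string lpApplicationName, string lpCommandLine, uint dwCreationFlags,
        IntPtr lpEnvironment, string lpCurrentDirectory,
        ref STARTUPINFO lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation);
}
"@
}

function Set-HoneyCredential {
    param([string]$Domain, [string]$User, [string]$Password)
    $LOGON_NETCREDENTIALS_ONLY = 0x2
    $CREATE_NO_WINDOW          = 0x08000000
    $si = New-Object HoneyCred+STARTUPINFO
    $si.cb = [Runtime.InteropServices.Marshal]::SizeOf($si)
    $pi = New-Object HoneyCred+PROCESS_INFORMATION
    # The cached credential lives exactly as long as this hidden host process.
    $cmd = 'cmd.exe /c timeout /t 86400 /nobreak >nul'
    $ok = [HoneyCred]::CreateProcessWithLogonW($User, $Domain, $Password,
            $LOGON_NETCREDENTIALS_ONLY, $null, $cmd, $CREATE_NO_WINDOW,
            [IntPtr]::Zero, $null, [ref]$si, [ref]$pi)
    if (-not $ok) {
        throw "CreateProcessWithLogonW failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
    }
    return $pi.dwProcessId
}

function Get-HoneyCredentialUse {
    param([string]$User, [int]$Hours = 24)
    # 4768/4771: Kerberos TGT request / pre-auth failure; 4776: NTLM validation;
    # 4625: failed logon. Any of these naming the honey account is an alert,
    # because no legitimate process ever authenticates as it.
    $xpath = "*[System[(EventID=4768 or EventID=4771 or EventID=4776 or EventID=4625)" +
             " and TimeCreated[timediff(@SystemTime) <= $($Hours * 3600000)]]" +
             " and EventData[Data[@Name='TargetUserName']='$User']]"
    Get-WinEvent -LogName Security -FilterXPath $xpath -ErrorAction SilentlyContinue |
        ForEach-Object {
            $x = [xml]$_.ToXml()
            $d = @{}
            $x.Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
            [pscustomobject]@{
                Time    = $_.TimeCreated
                EventId = $_.Id
                Account = $d['TargetUserName']
                Source  = if ($d['IpAddress']) { $d['IpAddress'] } else { $d['Workstation'] }
            }
        }
}

# Seed on the host (run elevated); check on the DC.
$hostPid = Set-HoneyCredential -Domain $HoneyDomain -User $HoneyUser -Password $HoneyPassword
Write-Host "Honey credential cached in LSASS; host process PID $hostPid"
Get-HoneyCredentialUse -User $HoneyUser | Format-Table -AutoSize
```

Two operational notes. First, the credential disappears when the hidden host process exits, so for lasting coverage run Set-HoneyCredential from a scheduled task at logon rather than once by hand. Second, keep the fake password out of any real password store and make sure nothing legitimate (password spraying tests, account hygiene scripts) touches the honey account, otherwise the alert loses the near-zero false positive rate that makes it valuable.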

Acknowledgement of Country

We acknowledge the traditional owners and custodians of country throughout Australia and acknowledge their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.