The financial services industry has been on the radar of hackers for a while now. In fact, banks are routinely targeted by sophisticated actors as well as script kiddies. Banks with mature cybersecurity practices do not work on the assumption that their systems are secure. Instead, they are constantly on the lookout for threats that can harm their assets. They also invest regularly in methods to improve security while discarding any assumption of invincibility.
Threats that are already on the networks of banks are very hard to detect and neutralize. They may already have taken control of applications and be exfiltrating data and information on system users. Conventional security systems that are based on ancient or outdated detection techniques will lead to a deluge of false positives (some of which could even be initiated by hackers to induce detection fatigue).
With passive defense, banks are always on the defensive, which translates into:
- Hackers having the upper hand in going after banks
- Tons of false positives that can cripple the functioning of a security operations team
- More often than not, security teams in banks do not have the skill sets to tackle sophisticated threats
- There is no way for a bank to even know what kind of targets hackers are planning to go after
- Even with a more disciplined threat hunting program, threats can still slip through
The solution, therefore, is to have an active defense posture using decoy and deception to trick hackers into believing that they are targeting real systems. Such systems bring in a very high level of clarity in terms of understanding hacker behavior, tools, tactics, and targets. Hackers will be kept engaged and their attack cycles will be wasted on decoy infrastructure that is of no value to a bank.
How the decoy and deception systems work
Decoy and deception systems work by creating fake digital twins of real infrastructure that mimic every possible attribute of the systems they imitate. These decoys are strategically located so that when a hacker enters a banking network, they discover the decoys before they discover real systems. Once a decoy is discovered, the hacker will try to plant multiple backdoors and look for ways to drop more potent malware into the fake system.
Once this is done, the hacker will move around the fake network, try to locate assets of significance, and exfiltrate data and credentials. They may even use stolen credentials to access sub-directories or subsystems. All the while, the hacker will have no idea that they are going after a fake system.
Deception systems are often built to be triggered by active thresholds, and these can be changed based on the threat perception of a bank. Servers, work machines, laptops, networking gear, Wi-Fi systems, CRM, or other front systems can all be turned into decoys. Threat actors can hypothetically be kept engaged for an extended amount of time and even made to feel as if they have got real data or have entered the real network when they would be quite far away from the real infrastructure.
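The threshold-based triggering described above can be sketched as follows. This is an added example, not code from the article or from any vendor product; the decoy names, addresses, event format and the `decoy_alerts` function are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed decoy inventory (hypothetical host names).
DECOYS = {"decoy-crm-01", "decoy-fileserver-02", "decoy-wifi-ctrl"}

# Constructed sample events: (timestamp, source, destination, action).
EVENTS = [
    ("2024-01-10T09:00:05", "10.0.5.23", "decoy-crm-01", "port_scan"),
    ("2024-01-10T09:00:40", "10.0.5.23", "decoy-fileserver-02", "port_scan"),
    ("2024-01-10T09:02:10", "10.0.5.23", "decoy-fileserver-02", "login_attempt"),
    ("2024-01-10T09:03:00", "10.0.7.80", "core-banking-01", "login_attempt"),
    ("2024-01-10T09:30:00", "10.0.9.14", "decoy-wifi-ctrl", "port_scan"),
    ("2024-01-10T11:45:00", "10.0.9.14", "decoy-crm-01", "port_scan"),
]

def decoy_alerts(events, decoys, threshold=2, window=timedelta(minutes=10)):
    """Map each alerting source to its decoy touches.

    A source alerts once it touches decoys at least `threshold` times
    inside one `window`. No legitimate user has a reason to reach a
    decoy, so a low threshold gives few false positives; lowering it
    further reflects a higher threat perception.
    """
    touches = defaultdict(list)
    for ts, src, dst, action in events:
        if dst in decoys:  # traffic to real systems is not decoy telemetry
            touches[src].append((datetime.fromisoformat(ts), dst, action))

    alerts = {}
    for src, hits in touches.items():
        hits.sort()  # chronological order
        for i, (start, _, _) in enumerate(hits):
            in_window = [h for h in hits[i:] if h[0] - start <= window]
            if len(in_window) >= threshold:
                alerts[src] = in_window  # evidence for the analyst
                break
    return alerts

if __name__ == "__main__":
    for src, hits in decoy_alerts(EVENTS, DECOYS).items():
        print(src, [(t.isoformat(), d, a) for t, d, a in hits])
```

With the default threshold only the source that scans two decoys and then attempts a login is reported; setting `threshold=1` also surfaces the slow scanner whose two touches are hours apart.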
Essential characteristics of a decoy and deception system
Before purchasing a decoy and deception system, the following traits of the solution being considered should be analyzed:
- Ease of deployment: the solution should be easy to deploy and integrate with the IT environment of a bank
- Custom dashboards and UI: configuration of data and control dashboards should be an easy task as well
- Degree of mimicry: the solution should be able to comprehensively mimic the tech environment with as many attributes as possible being covered
- Scalability: the decoy and deception solution should be able to meet the growing needs of the bank it is deployed in
- Handle false positives
- Detect and engage scans: attempted reconnaissance activity should also be engaged by the solution
Decoy and deception solutions represent an easy way of engaging and studying threats and bad actors without compromising on data or infrastructure availability.