Deception has long been a fundamental part of military strategy around the world, dating as far back as ancient Egyptian times. It’s a key part of Sun Tzu’s The Art of War. Technology has made methods of deception more sophisticated, of course, but the basic premise has stood the test of time: know yourself, deceive your enemy. Armed forces the world over have used this strategy, and civilian industries have a real opportunity to learn from the successes of the military when it comes to deception technology.
Highlights from the history of military deception
Examples of military deception are present in the ancient dynasties of China and Egypt. Sun Tzu’s famous book dates back to about the 5th century BC. The Carthaginian general Hannibal, considered one of the best military commanders of all time, used deception tactics extensively. And of course, everyone is familiar with one of the most successful deceptions of all time, the Trojan horse.
George Washington used deception repeatedly, including a ruse that allowed him to evacuate 9,000 soldiers from what seemed like a hopeless position. Following a disastrous defeat at the Battle of Brooklyn, the soldiers were pinned against the East River. Using all available flatboats and aided by heavy fog, Washington was able to evacuate all troops to Manhattan without detection. Campfires left burning helped with the deception. And later in American history, the Civil War saw the construction of a fake ironclad warship that sent Confederate forces fleeing. Deception also abounded in World War II, as when British forces in North Africa built a dummy railhead to protect the real railhead some distance away. The Soviets used a variety of deception tactics to install missiles in Cuba. The element of surprise is one of the most valuable commodities in battle, and deception has provided it time and again, making it a favourite tactic throughout history and to this day.
Bringing deception technology to the masses
Deception technology has a lot to offer to non-military organisations, and there is a lot to learn from deception’s successful track record in the military.
The many benefits of deception include:
- Organisations can reduce their single biggest risk, the high-impact cyberattack that can bring a company down, by detecting intruders early in their lateral movement and steering them toward decoy assets instead of real ones.
- Cost savings through fewer false positive alerts and dramatic reductions in incident response time. Security operations centre (SOC) efficiency is top of mind today, with floods of new alerts straining already overworked security teams. Modern distributed deception platforms produce only high-fidelity notifications, because no legitimate user or process has any reason to touch a planted deception: any interaction with one is a strong signal of attacker activity. That means less time wasted chasing false alarms and less time needed to investigate each incident, and the alert itself already names the endpoint the deception was taken from. More efficient SOC processes mean less burnout and turnover, which helps with the security skills gap.
- Deception can help with both due diligence and integration in mergers and acquisitions (M&A), where assessing the attack surface is a critical step. When Verizon bought Yahoo, the discovery of a security breach reduced the acquisition price by $350 million. From assessing the attack surface in the due diligence phase to both assessing the environment and detecting attackers in the integration phase, deception technology helps the acquiring company understand the risk and the attack surface it will be responsible for going forward.
The deception market is evolving rapidly, with most analysts now actively promoting deception technology and major global firms rolling out deception across their estates. However, two areas of confusion still come up. The first is that people tend to conflate honeypots and distributed deception. The two are not synonymous. Honeypots, now more often referred to as fully interactive decoys, or simply decoys, are one form of deception. Decoys have a role in threat intelligence gathering, but on their own they are of limited use for detecting, diverting or stopping attacks: a decoy only fires if an attacker happens to find and interact with that one system, and a handful of decoys in a large estate are easy to miss. Those who learned about honeypots in the past do themselves a disservice if they assume this limited-use technology represents the current state of the art in deception.
Distributed endpoint deceptions, tiny, inert data elements such as planted credentials, connections and files spread broadly across the environment, offer the fastest, earliest and most reliable attack detection mechanism available today. An attacker moving laterally harvests whatever looks useful on each endpoint and cannot tell the planted data from the real thing, while a legitimate user has no reason to use it, so any use of a deception is a reliable signal. In an environment seeded this way, which is easy to deploy and simple to operate, it is very hard for an attacker to move laterally without touching a deception and being detected.
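The mechanism described above, as an added example that is not code from the original article or from Illusive's product: each endpoint gets a decoy account name derived from the hostname, and any authentication attempt with a decoy account, successful or not, becomes an alert that names the endpoint the credential was harvested from. The hostnames, account names, derivation seed and log line format are all constructed assumptions for illustration.

```python
"""Distributed endpoint deception, as an added example (not Illusive's code):
plant one unique decoy credential per endpoint, then treat any authentication
attempt with a decoy account as a high-fidelity alert that names the endpoint
it was harvested from. Hostnames, account names and the log line format are
constructed for illustration."""
import hashlib
import hmac
import re
from dataclasses import dataclass

# Secret used to derive decoy account names; an assumption, rotate per deployment.
DEPLOYMENT_SEED = b"rotate-me-per-deployment"


def decoy_username(hostname: str) -> str:
    """Derive a deterministic decoy account name unique to a host, so that a
    sighting of the account can be traced back to where it was planted."""
    tag = hmac.new(DEPLOYMENT_SEED, hostname.encode(), hashlib.sha256).hexdigest()[:8]
    return f"svc_{tag}"


def plant(hostnames):
    """Build the registry {decoy_account: hostname}. A real agent would also
    write the decoy into the endpoint's credential store; here we only keep
    the mapping that detection needs."""
    return {decoy_username(h): h for h in hostnames}


# Constructed log format: "auth <ok|fail> user=<acct> src=<host> dst=<host>"
LOG_RE = re.compile(
    r"auth (?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+)"
)


@dataclass(frozen=True)
class DecoyAlert:
    account: str      # decoy account that was used
    planted_on: str   # endpoint the decoy was planted on (likely compromised)
    used_from: str    # host the attempt came from
    target: str       # host the attacker tried to reach
    result: str       # ok or fail; both are alerts


def detect(registry, log_lines):
    """Return an alert for every authentication attempt with a decoy account.
    Success or failure does not matter: no legitimate user knows these
    accounts exist, so any attempt is attacker activity."""
    alerts = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m or m.group("user") not in registry:
            continue
        alerts.append(DecoyAlert(
            account=m.group("user"),
            planted_on=registry[m.group("user")],
            used_from=m.group("src"),
            target=m.group("dst"),
            result=m.group("result"),
        ))
    return alerts


# Constructed sample deployment and log lines.
HOSTS = ["ws-finance-01", "ws-finance-02", "ws-hr-07"]
REGISTRY = plant(HOSTS)
SAMPLE_LOG = [
    "auth ok user=alice src=ws-finance-01 dst=fileshare-01",
    "auth fail user=bob src=ws-hr-07 dst=dc-01",              # ordinary typo, no alert
    f"auth fail user={decoy_username('ws-finance-02')} src=ws-finance-02 dst=dc-01",
    "auth ok user=svc_decoy_lookalike src=ws-hr-07 dst=dc-01",  # not a registered decoy
]

if __name__ == "__main__":
    for alert in detect(REGISTRY, SAMPLE_LOG):
        print(f"DECOY USED: {alert.account} planted on {alert.planted_on}, "
              f"tried from {alert.used_from} against {alert.target} ({alert.result})")
```

Note that the failed logon by `bob` produces nothing: the point of the approach is that the detection rule is "decoy account seen at all", not a heuristic over ordinary failures, which is why the alert volume stays low. Deriving the name from the hostname with a keyed hash keeps the mapping reproducible across agent reinstalls without storing a list of cleartext secrets on every endpoint.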
The second area of confusion is the belief that deception is somehow sophisticated or complex to run. For organisations that have barely mastered the cybersecurity basics, deception may sound advanced. However, advances in automation and machine learning have removed most of the work of deploying and maintaining highly authentic deceptions. Today's platforms install, refresh and operate almost hands-free, and security teams as small as two people manage them as effectively as those with 10,000.
Best practices for implementing deception technology successfully
- Be very clear about which use cases you are trying to solve. Establish clear objectives, then evaluate and implement against them.
- Understand your organisation’s culture of change. While the ease and simplicity of today’s deception technology allows for near instant estate-wide deployment, some organisations take more of a phased approach. They may start with specific threat vectors. For instance, generally conservative large banks might deploy deception only around their SWIFT environment and, based on success there, expand deception to the rest of the organisation over time.
- Knowing yourself is the first key to Sun Tzu's deception strategy: "I will force the enemy to take our strength for weakness, and our weakness for strength, and thus will turn his strength into weakness." Unfortunately, many organisations lack adequate visibility into their own strengths and weaknesses. As you begin your deception implementation, the first step is to understand your attack surface: where might the attacker find weakness? Do you have exposed domain credentials, such as privileged accounts whose credentials are cached on ordinary workstations? What pathways exist in your organisation that lead an attacker from a foothold to your crown jewels? How can these be reduced? Deceptions are most valuable when placed along exactly those pathways.
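The attack-surface questions in the last step can be answered mechanically once you know which credentials are exposed where and what each account can reach. The following is an added example, not code from the original article or from any vendor's product: it models cached credentials and admin rights as a graph, finds the shortest credential-hopping path from a workstation to the domain controller, and then reports which single exposures would cut that path, which is the "how can these be reduced?" part. Every host, account and right in it is constructed for illustration.

```python
"""Attack-path analysis, as an added example (not part of the original article
or any vendor's product): model which credentials are cached on which hosts
and where each account has admin rights, then find the path from a workstation
to the crown jewels and which single credential exposures would cut it.
All hosts, accounts and rights below are constructed."""
from collections import deque

# account -> hosts where that account has admin rights (constructed).
ADMIN_ON = {
    "alice": {"ws-01"},
    "bob": {"ws-02"},
    "helpdesk": {"ws-01", "ws-02", "ws-03"},
    "srv_backup": {"backup-01", "sql-01"},
    "domadmin": {"dc-01", "sql-01", "backup-01", "ws-01", "ws-02", "ws-03"},
}
# host -> accounts whose credentials are cached or otherwise exposed on it (constructed).
CACHED_ON = {
    "ws-01": {"alice", "helpdesk"},
    "ws-02": {"bob"},
    "ws-03": {"helpdesk", "srv_backup"},
    "backup-01": {"srv_backup", "domadmin"},
    "sql-01": {"srv_backup"},
    "dc-01": {"domadmin"},
}


def reachable(start, cached_on=CACHED_ON, admin_on=ADMIN_ON):
    """Breadth-first search: owning a host yields every credential cached on it,
    and each credential yields admin on further hosts. Returns {host: path},
    where each path step after the first reads "account@host"."""
    paths = {start: [start]}
    queue = deque([start])
    while queue:
        host = queue.popleft()
        for account in sorted(cached_on.get(host, ())):   # sorted for determinism
            for nxt in sorted(admin_on.get(account, ())):
                if nxt not in paths:
                    paths[nxt] = paths[host] + [f"{account}@{nxt}"]
                    queue.append(nxt)
    return paths


def path_to(start, target, cached_on=CACHED_ON, admin_on=ADMIN_ON):
    """Shortest credential-hopping path from start to target, or None."""
    return reachable(start, cached_on, admin_on).get(target)


def without(cached_on, host, account):
    """Copy of the cache map with one exposure removed (for instance the
    service no longer logs on interactively, or the cached secret is purged)."""
    trimmed = {h: set(accts) for h, accts in cached_on.items()}
    trimmed[host].discard(account)
    return trimmed


def critical_exposures(start, target, cached_on=CACHED_ON, admin_on=ADMIN_ON):
    """Which single (host, account) exposures, if removed, would leave the
    target unreachable from start? These are the cheapest reductions, and
    the places where a planted decoy credential would sit on the attacker's path."""
    cuts = []
    for host, accounts in cached_on.items():
        for account in accounts:
            if path_to(start, target, without(cached_on, host, account), admin_on) is None:
                cuts.append((host, account))
    return sorted(cuts)


if __name__ == "__main__":
    print("path:", " -> ".join(path_to("ws-01", "dc-01")))
    print("single exposures that cut the path:", critical_exposures("ws-01", "dc-01"))
```

In the constructed data the workstation `ws-01` reaches `dc-01` in three hops (helpdesk credentials cached on `ws-01` give admin on `ws-03`, a backup service account cached there gives admin on `backup-01`, and a domain admin credential cached on the backup server gives the domain controller). Three single removals each break that path, and the same analysis tells you where deceptions pay off most: a planted `helpdesk`-style or backup-service credential on the workstations is exactly what an attacker walking this path would harvest first.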
Plan for success
Deception is an effective and fundamental military tool. It’s been practiced at least since ancient China and is still heavily used today because, if implemented properly, it works. Deception provides a proactive stance that lets you get ahead of the game. Rather than reacting to an attack, you are the one defining what happens, not the opponent.
Ofer Israeli, founder and CEO, Illusive Networks