
The Art of Cyber Deception - CSO50 Conference…

Date post: 28-Jul-2020

The Art of Cyber Deception

Sarath Geethakumar


Cyber Security “War”

“All war is based on deception” – The Art of War [Sun Tzu (544-496 BC)]

• Weakest link – People /Technology?


PROBLEM OF ONE

• ~ 300 million threats found every year

• ~ 150K malicious files detected each day – 4.5M every month

• Defenders must stop every permutation of every attack

• Adversaries need to just find one

[Figure labels: HARD, Easier, EASY]


Attack Surface

Cyber Attacks rely on deception

[Figure legend: Expected Traffic; Malicious Traffic: Day 1; Malicious Traffic: Week 1; Malicious Traffic: Month 1; Malicious Traffic: Month 6]


Cyber Kill Chain

• Effective Deception: influence 7% behavior

• < MTTD < MTTR

• Rapid threat hunting & isolation

• Integration with security and network tools

• Early detection + Rapid Response

• 90% protection by traditional tools 10% = 5.5M Files

• “Needle in a haystack”

• Human behavior is 93 percent predictable

Recon Weaponize Deliver Exploit Control Persist Exfiltrate Disrupt

1 https://cos.northeastern.edu/news/human-behavior-is-93-predictable-research-shows/


Think Like the Adversary - Deception

[Diagram labels: Detection, Deception, Instrumentation, Isolation, Analysis]

Standard Security Tools:

• Detects 90% of known exploits

• Tools: AV, IDS, IPS, Firewalls, WAF

Deception Technology:

• Detects confirmed exploits

• Zero-Day Exploits

• Lateral Movement

• Post-Exploits

• Integrate Deception Technology with AV, IDS etc.

• Share threat details

• Generate/Share IOC

• Roll out IOC to all systems

• Auto-isolate infected systems

• Retain access to honeypots

• Integrate deception nerve center with NAC, Firewalls & virtual SDDC components

• Continue analyzing CnC traffic and attack vectors

• Generate IOC/Threat Intel

• Share updated IOC with


Questions

