The Art of Cyber Deception
Sarath Geethakumar

Cyber Security “War”
“All war is based on deception” – The Art of War [Sun Tzu (544-496 BC)]
• Weakest link – People / Technology?
PROBLEM OF ONE
• ~ 300 million threats found every year
• ~ 150K malicious files detected each day – 4.5M every month
• Defenders must stop every permutation of every attack
• Adversaries need to just find one
[Figure: attack surface vs. cost ($) to attack or defend, from HARD to EASY]
Cyber Attacks rely on deception
[Figure: traffic profile over time – Expected Traffic vs. Malicious Traffic at Day 1, Week 1, Month 1, Month 6]
Cyber Kill Chain
• Effective deception: influence the 7% of behavior that is not predictable
• Reduce MTTD and MTTR
• Rapid threat hunting & isolation
• Integration with security and network tools
• Early detection + rapid response
• 90% protection by traditional tools; the remaining 10% = 5.5M files
• “Needle in a haystack”
• Human behavior is 93 percent predictable [1]
Stages: Recon, Weaponize, Deliver, Exploit, Control, Persist, Exfiltrate, Disrupt

[1] https://cos.northeastern.edu/news/human-behavior-is-93-predictable-research-shows/
Think Like the Adversary - Deception

DETECTION
Standard Security Tools:
• Detects 90% of known exploits
• Tools: AV, IDS, IPS, Firewalls, WAF
Deception Technology:
• Detects confirmed exploits
• Zero-day exploits
• Lateral movement
• Post-exploits

INSTRUMENTATION
• Integrate deception technology with AV, IDS etc.
• Share threat details
• Generate/share IOC
• Roll out IOC to all systems

ISOLATION
• Auto-isolate infected systems
• Retain access to honeypots
• Integrate deception nerve center with NAC, firewalls & virtual SDDC components

ANALYSIS
• Continue analyzing CnC traffic and attack vectors
• Generate IOC/threat intel
• Share updated IOC with
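A worked example of the detection, instrumentation and isolation flow on these slides, added here and not part of the original deck: every touch of a decoy is treated as a confirmed alert (decoys have no legitimate users), IOCs are derived from constructed decoy log lines, internal sources get an isolate action that keeps the decoys reachable, and external sources get a block action. The log layout, decoy host names and internal address ranges are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines from hypothetical decoy hosts (not from any real product).
DECOY_LOG = """\
2024-03-01T09:12:01Z decoy-fs01 sshd: connection from 10.20.5.17 port 51822
2024-03-01T09:12:03Z decoy-fs01 smbd: session setup from 10.20.5.17 user=svc_backup
2024-03-01T09:13:40Z decoy-db02 mysqld: access denied for 203.0.113.9 user=root
2024-03-01T09:14:02Z decoy-fs01 sshd: connection from 10.20.5.17 port 51830
2024-03-01T09:15:11Z decoy-web03 httpd: GET /wp-login.php from 198.51.100.77
"""
# Assumed layout: "<timestamp> <decoy-host> <service>: <message containing the source IP>".
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<decoy>decoy-\S+) (?P<svc>\w+): .*?(?P<src>\d{1,3}(?:\.\d{1,3}){3})")
# Assumed internal ranges: an internal source touching a decoy indicates lateral movement.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def triage(log_text: str) -> dict:
    # Every decoy hit is treated as confirmed: decoys have no legitimate users,
    # so there is no "expected traffic" baseline to filter against.
    hits = defaultdict(lambda: {"decoys": set(), "services": set(), "count": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # unparseable line; a real pipeline should surface these
        rec = hits[m["src"]]
        rec["decoys"].add(m["decoy"])
        rec["services"].add(m["svc"])
        rec["count"] += 1
    iocs, actions = [], []
    for src in sorted(hits):
        rec = hits[src]
        iocs.append({"ip": src, "confidence": "confirmed", "hits": rec["count"],
                     "decoys": sorted(rec["decoys"]), "services": sorted(rec["services"])})
        if is_internal(src):
            # Quarantine via NAC/firewall but keep the path to the decoys open so the
            # intruder keeps interacting and its tooling can be analysed further.
            actions.append({"action": "isolate", "host": src, "keep_reachable": sorted(rec["decoys"])})
        else:
            actions.append({"action": "block", "ip": src})
    return {"iocs": iocs, "actions": actions}
```

The returned IOC list is what would be shared with AV/IDS and rolled out to all systems; the action list is what the nerve center would hand to NAC and firewall integrations.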
Questions