Improve your security with Deception Techniques
How can you use Deception Strategies and Techniques in your environment
Make it difficult for attackers
If attackers don’t know whether they are moving among real servers, decoys, o just plain planted misinformation, they have to move with extreme care o risk being found.
Too much effort
Make your enemies evaluate discovery they made about the attack surface they face. Make it tough for them to separate the real from the fake. Make them work extra hard while you are aware of their activities.
Is this real?
Seed your networks with misdirection and very real documents, services and servers, making your intruders ask themselves on each and every step if they get useful info or just fake breadcrumbs.
Oh my God!
Each and every dead end your attackers hits drains their will to continue. Make them question, on every move, if you are the right choice to attack.
Deception is fundamentally psycological
Leave breadcrumbs that will lead to nowhere. Build an entire parallel reality of your network made up of decoys that carry on real and simulated services for your attackers not to know when they hit a “real fake”.
Help your defenses by building denial controls based on intelligence you gather from actual attacks to your decoys.
Trick your enemies into a mined network of services and documents that will have them occupied wondering if what they got has any value or not.
Hide real assets among a forest of decoys that are almost impossible to differentiate from them. Plant fake users, documents, services and servers that are hard to tell if they are of any value.