Cyber deception

What is cyber deception?

Cyber deception is a proactive security and defense tactic which hinges on deceiving bad actors and malicious attacks. Industry-leading cyber deception solutions pick up where conventional security tools leave off – employing at two-step process to slow down and surface unknown and zero-day threats. First, using decoys, bad actors or intrusive malware are diverted toward engaging look-a-like, fake assets. Once engaged with, high fidelity alerts are immediately sent to key stakeholders and security systems, flagging ongoing threats before they reach or compromise actual systems or data.

How does cyber deception help combat ransomware?

Cyberthreats have reached record highs and are continuing to expand in both scope and sophistication, with one goal in mind – compromise your systems and your data. And while encryption is still a primary focal point for ransomware gangs, bad actors have evolved, employing double and triple extortion tactics to exploit businesses data. In fact, over 83% of ransomware attacks today involve some form of data leakage, exfiltration, or theft. Put differently, most ransomware threats aren’t just focus on holding your data hostage but monetizing it in new ways.

Cyber deception arms today’s businesses with early warning signals into ransomware attacks. While conventional security tools aim to harden and fortify your perimeter from threats, cyber deception actively defends against threats that have successfully bypassed or breached customer environments. Using sophisticated decoys, cyber deception solutions engage bad actors the moment an attack begins. This delivers a multi-layered defense against ongoing attacks, equipping businesses with capabilities to immediately divert and spot silent threats – before data is lost, damaged, or compromised.

What is data exfiltration and leakage?

Ransomware gangs have shifted their approach. They no longer just settle for encrypting data – but seek larger payouts by comprising businesses and data in new ways. Now, the goal often is to extort data in multiple ways, by stealing, leaking, or damaging it along the way.

Data exfiltration is when malware or bad actors enact an unauthorized data transfer from one device or system to another. This is a form of data theft that is also known as data extrusion or data exportation, which are infiltrated through a wide variety of means (such as phishing, etc.). Data leakage is another form of theft which occurs when transmission from within an organization is purposefully sent to an external source or recipient. Leakage can expose sensitive or valuable business data to unwarranted parties including nation states, public forums, and the dark web.

In both instances, exfiltration and leakage present to new challenges and imperatives to safeguard data – beyond just recovering from post-encrypted states.

What are threat sensors?

Threat sensors are a unique, central aspect to Metallic® ThreatWise™ cyber deception capabilities.  Unlike honeypots, Metallic threat sensors are designed to actively engage bad actors the moment an attack begins. Using a light-weight, webservice-like architecture, Metallic threat sensors are highly specialized, can mimic any customer asset, and can be rapidly deployed in minutes. This floods customer environments with falsified digital assets that are indistinguishable to attackers.  They do not interfere with normal operations within an organization’s network, but lure attackers in with decoys that divert and trick cyber attackers during recon, discovery, lateral movement, and more. When a bad actor touches a threat sensor, real-time high-fidelity alerts are directly passed to key stakeholders and security tools for remediation. And because threat sensors are only visible to an attacker, businesses get highly precise notifications without false positives – for a direct line of sight into activity, attack paths, and techniques deployed.

What are honeypots?

Honeypots are a conventional form of threat detection. Rather than engaging an attacker, honeypots are designed to examine and learn from attackers and their attempts. Honeypots differ from threat sensors as they are traditionally leveraged to investigate and study how cybercriminals operate – not engage, surface, and divert ongoing attacks. Honeypots are commonly a network-attacked, full operating system – making them more resource-heavy to develop, monitor, and maintain.

How is Metallic® ThreatWise different?

Metallic® ThreatWise™ delivers integrated cyber deception across our award-winning DMaaS portfolio, to proactively defend data and enhances recoverability, before encryption, leakage, exfiltration, or damage. ThreatWise™ combines game-changing, early warning alerts with rapid response capabilities to enable customers to neutralize otherwise undetected attacks before they cause any harm. Even the stealthiest zero-day attacks are detected and diverted despite their efforts to circumvent traditional detection tech and security controls.

Other traditional solutions certainly provide baseline capabilities, but these only operate within backup environments and detect and deal with threats after it’s already too late to completely safeguard the data. ThreatWise™ enables organizations to immediately reveal latent and silent threats traversing network environments to neutralize ransomware activity before it reaches the target.

This is truly unique pre-attack identification and containment, redefining the data protection market. Metallic is the single solution capable of identifying, deceiving, and recovering from threats across your data estate.

A free trial designed for your real world

Try the fully functional, full-service product today, and see how Metallic can serve your needs directly.