Deception for proactive defense – Help Net Security


This article is the fourth in a five-part series being developed by Dr. Edward Amoroso in conjunction with the deception technology team from Attivo Networks. The article provides an overview of using deception as part of a proactive defense, including strategies for deception deployment, post-compromise, incident response, and mitigation against returning attackers.

Proactive and balanced defense

For many years, enterprise cyber security was primarily reactive. That is, a network perimeter was established to prevent attacks, and if a breach occurred, then response activities were initiated. Typical cyber response activities would include perimeter adjustments, vulnerability remediation, and damage containment. The methodology of prevent, detect, and respond (in that order) has thus driven cyber security design for most teams.

This methodology is fine, so long as balance exists across the tasks. For example, it is obviously better to prevent something than to deal with its consequences, but this is not always possible. Each task thus plays a role in enterprise security. The problem is that in many recent cases, the emphasis has tilted toward response – often called a…
