As well as death and taxes, the one thing that you can be certain of in 2019 is that your online presence and information is under attack. While these unrelenting cyber attacks are a concern for everyone, those charged with protecting citizen data and national security for federal government agencies are particularly concerned.
The good news is a new tool exists that will fortify the defenses protecting critical information. According to Ray Bauer, Managing Director, Public Sector, Cybersecurity & Advanced Communications at Verizon, Deception as a Service (DaaS) is the latest tool that federal Infosec teams should consider adding to their cyber arsenal. “Deception as a Service helps level the playing field by making it much more difficult for attackers to know what is real and what is a decoy,” he shared.
DaaS creates an environment of realistic decoys – everything from dummy data sets to bogus credentials and ransomware bait – to confuse attackers and cause them to identify themselves as they attack the decoys in search of the real target. As well as deceiving external attackers, deploying decoys assists in insider threat mitigation by identifying agency team members who stray into unauthorized areas and significantly reduces dwell time of APTs.
“Deploying Deception as a Service might seem like it would be a heavy lift, or resource intensive,” says Bauer. “However, with virtualization tools the time to set up is minimal, especially when you consider the return on investment. Deception as a Service also relieves the most common stressors on an InfoSec team. There’s no tuning, nothing to configure, no updates to make, and, most importantly, no alert fatigue.”
As federal agencies collaborate with both private sector MSSPs and with each other as part of the Department of Homeland Security’s Continuous Diagnostics and Mitigation Program to combat cyber threats, being able to construct the broadest view of the nation’s cyber risk is a vital and viable proposition. The information that can be gathered by agencies employing Deception as a Service will aid in better understanding of risk – from the context of an attack to its unique signatures – and will improve the security and stability of the nation.