
"Over the last year, the NCSC has run a series of cyber deception trials, speaking to users, and analyzing the results to try and work out whether such tactics can increase observability, improve threat hunting, and even influence how attackers behave. The trials involved 121 organizations from across the UK, 14 commercial providers of cyber deception solutions, and 10 product trials across different environments, from cloud deployments to operational technology."
"So far, the NCSC said it's clear that cyber deception can work - but it's not always easy. While most organizations reckoned that cyber deception could offer real value, particularly in detecting novel threats and enriching threat intelligence, there was a lack of outcome-based metrics. "As with any observability and threat hunting methods, the effectiveness of cyber deception depends on having the right data and context," said the NCSC."
""We found that cyber deception can be used for visibility in many systems, including legacy or niche systems, but without a clear strategy, organizations risk deploying tools that generate noise rather than insight." Terminology is also a bit of a problem, with vocabulary across the industry often inconsistent, making it harder for organizations to understand what's on offer or even what they're trying to achieve. The NCSC said it now plans to standardize its cyber deception vocabulary."
Cyber deception and honeypots can disrupt attacks, improve observability, enhance threat hunting, and influence attacker behavior. Trials across 121 UK organizations, 14 commercial providers, and 10 product tests in cloud and operational technology environments showed potential for detecting novel threats and enriching threat intelligence. Effectiveness depends on having the right data, context, and a clear strategy to avoid producing noisy signals. Many organizations lack outcome-based metrics and face inconsistent industry terminology. Only around 10% publicly announce use of deception, although signaling its presence can reduce attacker confidence and increase costs for adversaries by wasting their time and disrupting methods.
Read at IT Pro