The good thing about Anton being away is that I’m always able to jump in and announce our new research ahead of him 🙂
So, the update to our “Applying Deception Technologies and Techniques to Improve Threat Detection and Response” paper has finally been published. This is a minor update, but as with every updated paper, it has changed for the better. Some of the highlights:
- New and more beautiful pictures (thanks to our co-author Anna Belak for making our papers look 100% better on the graphics side!)
- Additional guidance on how to test deception tools (tip: put your Breach and Attack Simulation tool to use!)
- A better understanding of how the Deception Platforms are evolving and of the current “must have” features you’ll find there
We also tuned key findings and recommendations, including these:
- Evaluate deception against alternatives like NTA, EDR, SIEM and UEBA to detect stolen-data staging, lateral movements, internal reconnaissance and other attack actions within your environment.
- Deploy deception-based detection approaches for environments that cannot use other security controls due to technical or economic reasons. Examples include IoT, SCADA, medical environments and highly distributed networks.