Cybersecurity Moneyball Part 1: Managed Deception for Easy Outs
In a previous blog, we discussed how the “businessification” of cybercrime has coalesced around tried and true tools, techniques, and procedures, giving us a solid understanding of how these attacks happen. Security product vendors have made massive strides in developing capabilities to detect criminals carrying out their attacks; however, it’s not a perfect solution. If it were, there would be no cybercrime.
To be clear, Binary Defense is not trying to compete within the endpoint detection and response (EDR) market or claim that investment in an EDR solution is not valuable (it is!). Rather, our stance is that even though endpoint security products have improved significantly in detecting malicious activity, based on our observations, attackers can evade detection by security products for various reasons such as bypasses or misconfigurations. This is where deception really shines and forms the core of our cybersecurity Moneyball strategy.
Given our relationship with our sister company TrustedSec and our in-depth knowledge of how attackers operate, we understand how security controls can be subverted and exactly what is valuable to attackers. We can leverage this information to implement a series of traps, tailored for the environment, for “easy outs.”
At Binary Defense, we love deception and see the value it brings to an overall detection and response strategy. We also understand the challenges security leaders face when trying to implement it. In response, we have built an entire managed deception capability within our BDVision MDR solution, which simplifies and reduces the cost for organizations to add deception capabilities. In this blog, we’ll explore Binary Defense’s managed deception capabilities and why they should be a consideration when evaluating the maturity of a managed detection and response (MDR) provider.
Why Managed Deception
From a technical and security strategy point of view, deception can be very valuable to any organization. However, deception has seen limited adoption outside a few sections of the market. This limited adoption appears to be due to the complexity and expertise required for implementation, increased costs, integration challenges with existing systems, and unclear return on investment. While security leadership can fully grasp the value of deception, they often struggle to make the case for it to business leaders because security has already received huge investments. Now, security leaders must go back to the business and ask for more money in case those solutions are bypassed or an attacker gains access to the network via a blind spot.
Following the rise of ransomware, which highly impacted enterprise workstations and servers, endpoint security tools added some deception capabilities. However, these are typically within a separate product suite, requiring additional cost and overhead, and are rarely, if ever, tailored to the environment. Additionally, the same endpoint security solutions that are adding deception capabilities are the ones attackers target to bypass, raising the question: “Who is watching the watcher?” An MDR provider is only as good as the data they receive, which is why we have architected our BDVision solution to operate as a backstop to a client’s security solutions if sensors are blinded.
Fundamentally, the issue with deception does not appear to be within the deception concepts but rather in providers not offering a mass-market solution that addresses the issues facing deception adoption.
What is Managed Deception
Binary Defense’s Managed Deception capabilities aim to target the issues inhibiting deception adoption by providing a cost-effective, low overhead, and effective deception solution that comes built-in and fully integrated with our MDR service. This means when you choose BDVision as part of our MDR, you not only get world-class MDR but also have the ability to add deception capabilities to your environment without additional licensing or overhead.
When a client signs on for Binary Defense MDR with BDVision, they automatically get integrated deception capabilities that are managed completely through Binary Defense MDR. This means clients do not need to deploy additional deception technology, manage alerts, or handle any tuning that may be required.
How Managed Deception Works
The deception capabilities are built directly into the Binary Defense Vision solution, offering MDR services with a fully managed deception solution from implementation, advancements, tuning, and alert management.
Managed Deception Webinar
To learn more about Binary Defense’s Managed Deception solution and why it’s a critical piece to a modern detection and response strategy, register for the Breaking Barriers: Making Deception Attainable.