Cyber resilience through deception: What businesses can learn from federal cybersecurity frameworks

By Michael Saintcross
November 20, 2020

When it comes to cybersecurity, a multifaceted approach is needed for resilience. In any resilience model, you have a primary site, a secondary site and so on to maintain business continuity of operations – fail-safe measures, if you will. For instance, if your business is based in New York City and the power goes out, you can operate remotely from a data center in Utah. It is about reducing the risk of operational impact.

With cyber resilience, it is the same kind of philosophy: reducing your cyber incident risk and not just relying on one line of defense or one capability you think will be the one that finally stops the bad actors. Looking at the standards for cyber resilience in federal agencies will help businesses understand both the essentials and the additional steps they need to take to fully safeguard their assets.

Why cyber resilience?

Organizations are trying no shortage of different technologies to improve their cybersecurity posture – whether it is SIEM, EDR, network analysis, behavioral analytics or other tools. These are all being deployed, and yet bad actors are still operating freely. Organizations are spending billions of dollars each year on cybersecurity, yet they are not getting a return on investment that provides sufficient peace of mind.

Whether the malicious actors are nation-states or other cyber criminals, they are still going undetected too often. In fact, according to the 2019 Verizon Data Breach Investigations Report, the average threat can lurk undetected inside an environment for over 100 days; 56% of breaches went undiscovered for months or longer. And according to the Mandiant Security Effectiveness report, released in May, more than 90% of attacks resulting in a breach didn’t generate an alert.

Part of the problem is the way solutions are being implemented. For the most part, everyone is implementing the same control-based approaches (which are more compliance and policy-based) and the same technology approaches (vulnerability-based, indicator of compromise-based and so on).

Combatting APTs

Over the past several years, there has been a great deal of analysis of these different approaches, and specifically on how they’ve been applied to protect our national infrastructure – think government agencies or financial services. The NIST framework, the MITRE ATT&CK framework and other policies or plans that address federal agencies have outlined a new baseline that plans for cyber resilience. While these are directly focused on federal agencies, other industries can gain valuable insights from them.

There are certain essentials that have to be in place – the primary effects. These include logging, firewalls, intrusion detection and more. These “effects” are focused on protecting your perimeter. You must have other tools as well, such as multifactor authentication and identity and access management. But then you need to take it a step further, because these solutions will not do much to defeat advanced persistent threats (APTs).

Cyber resilience becomes particularly important when APTs are attacking an environment. APTs usually access an environment through a low-value asset that is easy to compromise, such as leveraging social engineering against a user to gain access to their laptop. Then the attacker furtively moves throughout the environment, from asset to asset, until they gain unauthorized access to a high-value asset.

Intrusion detection systems and other traditional detection approaches monitor environments for activity that looks anomalous, so they usually have high false positive rates, and they typically miss APTs altogether because of their stealth. Without cyber resilience, an APT is highly unlikely to be found amidst all the false positive activity.

The deceptive approach

Adversaries are operating at sub-second speeds – they run a scan, determine what is exploitable, and are back out before you know it. That means they know exactly how to move next time. While some of your alerts might go off, it is unlikely you will be able to keep pace with that speed. Therefore, you need cybersecurity solutions that are undetectable and deceptive.

The NIST and Department of Homeland Security frameworks now require deception technology to protect against APTs. MITRE recently introduced the Shield knowledge base, aimed at encouraging a conversation about active defense and adversary engagement. Highlighted in Shield is the concept of using deception, which makes it harder for attackers to find their targets, wastes attacker resources and slows down attacks. An example of deception is planting false resources rigged with hidden abilities or characteristics, such as setting up a beacon within a particular file so that when an attacker opens or copies that file, the beacon triggers an alert.

When you set up a distributed deception strategy that makes every endpoint a sensor, adversaries are forced to engage with deceptions even on low-risk systems and are paralyzed by their interaction with realistic decoys. Their actions trigger alerts that are 100% true positives, allowing defenders to stop them before they reach the most critical data sets. It is an active defensive strategy rather than the wait-and-respond-as-needed approach.
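As an added illustration of the planted-decoy and every-endpoint-a-sensor ideas above (example code written for this page, not from the article or from Illusive Networks): each endpoint receives its own decoy service account derived from a defender-held key, so any later authentication attempt with that account is a true positive and also reveals which endpoint the credential was harvested from. The log format, hostnames and key are constructed for the example.

```python
import hmac
import re
from dataclasses import dataclass

# Constructed defender-held key (hypothetical value): makes decoy names unguessable
# and lets each decoy be traced back to the endpoint it was planted on.
SEED_KEY = b"constructed-deception-seed-not-a-real-secret"

def decoy_account_for(endpoint: str) -> str:
    """Derive a unique, plausible-looking decoy service account for one endpoint."""
    tag = hmac.new(SEED_KEY, endpoint.encode(), "sha256").hexdigest()[:6]
    return f"svc_backup_{tag}"

def plant_decoys(endpoints):
    """Map decoy username -> endpoint it was planted on (the deception inventory)."""
    return {decoy_account_for(ep): ep for ep in endpoints}

@dataclass(frozen=True)
class Alert:
    user: str        # decoy account that was used
    planted_on: str  # endpoint the adversary must have harvested it from
    used_on: str     # host where the decoy credential was presented
    source: str      # source address of the authentication attempt

# Constructed auth-log format: one key=value event per line.
LINE_RE = re.compile(r"host=(\S+) user=(\S+) src=(\S+)")

def detect_decoy_use(log_lines, decoys):
    """Any authentication attempt with a decoy account is a true positive:
    no legitimate user or process knows these accounts exist."""
    alerts = []
    for line in log_lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # unparseable line, not an auth event
        host, user, src = m.groups()
        if user in decoys:
            alerts.append(Alert(user, decoys[user], host, src))
    return alerts

if __name__ == "__main__":
    inventory = plant_decoys(["laptop-ws17", "laptop-ws42"])
    lure = decoy_account_for("laptop-ws17")
    sample_log = [  # constructed sample events: one legitimate login, one decoy use
        "2020-11-20T10:01:02Z host=fileserver01 user=jsmith src=10.0.5.17 result=success",
        f"2020-11-20T10:03:44Z host=fileserver01 user={lure} src=10.0.5.17 result=failure",
    ]
    for a in detect_decoy_use(sample_log, inventory):
        print(f"ALERT: decoy {a.user} planted on {a.planted_on} used against {a.used_on} from {a.source}")
```

Because the decoy is never handed to a real user, the alert needs no anomaly threshold; the fact that it fired at all is the signal, and the planted_on field points at the first compromised endpoint.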

Deceive and defeat

It is clear that cybersecurity requires a diverse approach – and that what most organizations have been doing still isn’t working. Intruders still find ways into corporate networks and often stay for a long time, doing as they please. This means another layer, a stopgap measure, is in order. The frameworks outlined by NIST, the DHS and others not only recommend but require deception techniques as part of a holistic cybersecurity strategy. Distributed deception keeps adversaries occupied with worthless assets while alerting the IT security team to their presence for stronger protection of your organization’s digital crown jewels.

KEYWORDS: business continuity, cyber security, information security, risk management

Michael Saintcross is regional sales leader at Illusive Networks.
