Course Description (from the course website)
Traditional defensive controls are failing us. The time it takes an attacker to go from initial compromise to lateral movement is rapidly decreasing, while the time it takes to detect and effectively respond to a breach is still measured in weeks or even months.
To reduce risk, defenders need better ways to quickly detect adversary activity while also collecting information to facilitate faster and more effective response. Cyber deception is the solution for reducing this response time and minimizing cost.
Instead of attempting to normalize a production environment, what if we placed resources in that environment that have no production value or use? These resources could be user accounts, credentials, services, open ports, computers, or even complete networks.
Because these resources are not part of normal production operations, "normal" for them can be defined as no interaction and no use. Since there is no reason for legitimate interaction with a deceptive resource, any interaction is abnormal, and there are very few false-positive alerts, which makes for a high-fidelity, low-noise detection solution.
Furthermore, because the deceptive resources can be monitored and configured to generate logs, defenders can collect significant amounts of actionable threat intelligence and attack attribution information, facilitating faster and more effective response. Better yet, all of this occurs while the attacker is busy attempting to hack deceptive systems, which distracts them from actual production resources.
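A minimal form of that detection logic, added here as an illustration and not taken from the course material: it assumes sshd-style authentication log lines (the sample below is constructed) and a decoy account and decoy host that the defender has deployed, and alerts on any interaction with either, successful or not.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample log lines for the example; not real data.
# "backup_svc" is the decoy account and "db-archive" the decoy host.
SAMPLE_LOG = """\
Mar  3 10:12:01 web01 sshd[2201]: Accepted password for deploy from 10.0.5.20 port 51000 ssh2
Mar  3 10:12:44 web01 sshd[2210]: Failed password for backup_svc from 198.51.100.7 port 41022 ssh2
Mar  3 10:13:02 db-archive sshd[311]: Accepted publickey for jsmith from 198.51.100.7 port 41030 ssh2
Mar  3 10:15:19 web01 sshd[2230]: Accepted password for deploy from 10.0.5.20 port 51010 ssh2
Mar  3 10:16:40 db-archive sshd[320]: Failed password for root from 198.51.100.7 port 41044 ssh2
"""

# Matches both "Accepted <method> for <user>" and "Failed <method> for [invalid user ]<user>".
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

@dataclass(frozen=True)
class Alert:
    ts: str
    host: str
    user: str
    src: str
    reason: str

def detect_decoy_interactions(log_text, decoy_users, decoy_hosts):
    """Any authentication attempt that names a decoy account or lands on a
    decoy host is an alert: the resource has no production use, so "normal"
    for it is zero interaction. Whether the attempt succeeded is irrelevant."""
    alerts = []
    for line in log_text.splitlines():
        m = SSHD_RE.match(line)
        if not m:
            continue  # not an authentication event; ignore
        d = m.groupdict()
        if d["user"] in decoy_users:
            alerts.append(Alert(d["ts"], d["host"], d["user"], d["src"], "decoy account used"))
        elif d["host"] in decoy_hosts:
            alerts.append(Alert(d["ts"], d["host"], d["user"], d["src"], "login to decoy host"))
    return alerts

def attribution_summary(alerts):
    """Count alerts per source address: the raw material for attribution and response."""
    return dict(Counter(a.src for a in alerts))

if __name__ == "__main__":
    hits = detect_decoy_interactions(SAMPLE_LOG, {"backup_svc"}, {"db-archive"})
    for a in hits:
        print(a)
    print(attribution_summary(hits))  # {'198.51.100.7': 3}
```

The two legitimate logins by `deploy` on `web01` produce nothing; the three events touching the decoy account or decoy host all trace back to one source address.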
SEC550: Cyber Deception – Attack Detection, Disruption and Active Defense will give you an understanding of the core principles of cyber deception, allowing you to plan and implement cyber deception campaigns to fit virtually any environment.
During this hands-on class, you will not only learn deception theory and concepts but also play an active role working with deception technology through more than 15 hours of guided exercises. By the end of the class, you will not only understand the value of cyber deception, you will have practical experience you can immediately apply in your own computing environment.
You Will Learn:
- Why cyber deception completely changes the information security game
- How to use cyber deception to detect attackers on your network as much as 90% faster than traditional detection technologies
- How to collect actionable threat intelligence and attack attribution information through the use of deception
- How to create an environment where attackers need to be perfect to avoid detection, while you need to be right only once to catch them
- How to actively engage attackers in real time
- How to thwart attacks before attackers send a single packet towards your network
- How to take back the advantage from attackers