The overwhelming majority of our defensive security solutions focus on the tools and technologies used by attackers. Unfortunately, as we have seen countless times in the past, when you pit static technology against a creative, determined human being, the human always wins. Fortunately, there is an answer; cyber deception. Cyber deception targets the human that is the attacker, creating a situation where they are unknowingly influenced to take actions advantageous to defenders. If they become aware of the deception, they are then forced to question every aspect of their interaction with their target ultimately slowing them down. Best of all, attackers don't need to fall victim to every deceptive tactic. All it takes is for the attacker to stumble across a single deceptive resource and they are caught. It is often said that defenders must be right 100% of the time while attackers need to be right once.
Cyber deception flips that paradigm on its head by creating a situation where attackers must be right 100% of the time while defenders must be right just once. If implemented effectively, cyber deception creates a scenario where it is easier for an attacker to physically break in to a facility to affect compromise than to break in "over the wire" without getting caught. In the past, attackers had many advantages over defenders. From simple netcat listeners and fake credentials to deceptive web sites and fake social networking content, in this talk, you will learn the fundamentals, directly from new SANS course SEC550: Cyber Deception - Attack Detection, Disruption and Active Defense, of how cyber deception can allow defenders to truly take back the advantage!