Key takeaways from Gartner on deception technology – IoT security
Driven by customer demand, Gartner continues to increase coverage of the growing deception technology space, which they have dubbed “Distributed Deception Platforms”.
The latest research includes a report covering the value that deception brings to security programs and a technical comparison of the six leading deception vendors.
In part two of this three-part blog, I will outline my main takeaways from this body of research.
Part Two – “Doomguy and the Cyberdemon”
In the final level of the classic 90’s computer game Doom, the hero, Doomguy, takes down the main boss, the Cyberdemon.
So what does the hybrid machine/raging horned devil Cyberdemon have to do with OT (Operational Technology) and Internet of Things (IoT) security?
Not much, except for the fact that you can replay the epic battles of the game on your enterprise printer. Today’s IoT devices have enough processing power to run not just malware but whole programs. In a video uploaded to YouTube, researchers demonstrate how vulnerable IoT devices are by loading modified firmware onto a Canon Pixma printer so that it runs the game Doom in full.
The IoT security challenge
With the number of connected devices that are in use worldwide — now exceeding 18 billion — IoT security has become an integral part of any security program.
Operational Technology (OT) and manufacturing sites present a unique challenge for security teams. Failing to take proactive security measures can cripple operations and cause major financial losses – as recently shown by the Norsk Hydro attack, which has cost the company in excess of $50M to date.
Industries such as manufacturing and healthcare often rely on environments plagued by legacy embedded systems, legal restrictions (for example, FDA mandates), compliance, or policy constraints that make deployment of traditional IT security tools impossible.
To learn more about these challenges as well as innovative ways to detect and mitigate today’s complex cyber-attacks, please check out a great webinar by William Fryberger, the director of enterprise security operations at Procter & Gamble.
Gartner on deception as a tool for IoT and OT security
The latest Gartner research calls for security professionals to prioritize deception-based detection approaches for environments that cannot use other security controls due to technical reasons (for example, IoT, SCADA, and medical environments).
Fact-based user research by Gartner has shown deception technology to be effective in production deployments. For example, in some IT, OT, and IoT environments, other monitoring controls have proven impossible to deploy. In these cases, deception technologies have been effective alternatives. Similarly, Gartner has found examples where deception was used in place of other detection technologies due to its more cost-effective operational burden.
Evaluating deception tools against the OT/IoT security use case
The heart of any deception tool is its decoys. A decoy is a host on the network designed to attract attackers. Decoys can be real systems (full OS) or emulated systems.
Although full OS decoys can serve the same purpose as custom emulators in small scale IT environments, emulators are the only option for coverage of nontraditional OSs and devices such as IoT and legacy systems.
Gartner evaluated vendors for their ability to provide a robust set of vertical IT and OT/IoT emulated services as well as the ability to allow users to create additional emulators.
Emulators deployed at scale in OT and IoT environments provide accurate telemetry on misconfigurations and unauthorized activity, with no impact on real devices or operations.
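To make the emulated-decoy idea concrete, here is a minimal emulated service with telemetry, written as an added example for this post; it is not TrapX, Gartner or any vendor's code. The device name in the banner, the allowlist and the test traffic are all constructed assumptions. The point it demonstrates is why decoy telemetry is accurate: nothing in production has a legitimate reason to contact a decoy, so every connection is a signal, and an allowlist handles the one expected exception (an authorised scanner). A coarse triage separates connect-and-close probes, which typically indicate scanning or a misconfigured client, from peers that actually answer the login prompt.

```python
"""Minimal emulated-service decoy with telemetry (added example, not vendor code).
The banner, allowlist and test traffic below are constructed assumptions."""
import socket
import threading
import time
from dataclasses import dataclass

# Constructed banner imitating an embedded controller's login prompt. A real
# decoy template would reproduce a specific device's protocol; this is an assumption.
DECOY_BANNER = b"PLC-CTRL-01 (emulated) login: "


@dataclass
class DecoyEvent:
    """One interaction with the decoy: who touched it and what they sent."""
    src_ip: str
    src_port: int
    received: bytes
    timestamp: float


class EmulatedDecoy:
    """Listens on a TCP port, answers with a fake banner and records every
    connection. No production system has a reason to talk to a decoy, so each
    event is a high-fidelity signal rather than a needle in a log haystack."""

    def __init__(self, host="127.0.0.1", port=0, allowlist=()):
        self.allowlist = set(allowlist)  # e.g. the authorised vulnerability scanner
        self.events = []
        self._lock = threading.Lock()
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((host, port))  # port 0: the OS picks a free port
        self._sock.listen(5)
        self.port = self._sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                conn, addr = self._sock.accept()
            except OSError:  # listening socket shut down by close()
                return
            threading.Thread(target=self._handle, args=(conn, addr), daemon=True).start()

    def _handle(self, conn, addr):
        with conn:
            conn.sendall(DECOY_BANNER)
            conn.settimeout(2.0)
            try:
                data = conn.recv(1024)  # b"" if the peer simply closes
            except socket.timeout:
                data = b""
            with self._lock:
                self.events.append(DecoyEvent(addr[0], addr[1], data, time.time()))

    def wait_for_events(self, count, timeout=3.0):
        """Block until `count` events are recorded; True if they arrived in time."""
        deadline = time.monotonic() + timeout
        while time.monotonic() < deadline:
            with self._lock:
                if len(self.events) >= count:
                    return True
            time.sleep(0.01)
        return False

    def alerts(self):
        """Events from sources not on the allowlist, i.e. unauthorised activity."""
        with self._lock:
            return [e for e in self.events if e.src_ip not in self.allowlist]

    def close(self):
        try:
            self._sock.shutdown(socket.SHUT_RDWR)  # wakes the blocked accept()
        except OSError:
            pass
        self._sock.close()


def classify(event):
    """Coarse triage: connect-and-close looks like a scanner or a misconfigured
    client; anything that answers the login prompt is an interactive actor."""
    return "interaction" if event.received.strip() else "probe"


def touch_decoy(port, payload=b""):
    """Constructed test traffic: connect, read the banner, optionally send
    something, and return the banner that was received."""
    with socket.create_connection(("127.0.0.1", port), timeout=2.0) as s:
        banner = s.recv(1024)
        if payload:
            s.sendall(payload)
    return banner


if __name__ == "__main__":
    decoy = EmulatedDecoy()
    touch_decoy(decoy.port)                # scanner-style probe
    touch_decoy(decoy.port, b"admin\r\n")  # someone answering the login prompt
    decoy.wait_for_events(2)
    for ev in decoy.alerts():
        print(f"{ev.src_ip}:{ev.src_port} {classify(ev)} {ev.received!r}")
    decoy.close()
```

The decoy binds to loopback on an OS-assigned port so it can be exercised offline; in a real deployment the listener would sit on the OT or IoT segment with a device-specific template, and `alerts()` would feed a SIEM rather than stdout. The lock around `events` matters because each connection is handled on its own thread.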
At TrapX, we are happy to lead this approach with our patented emulation engine, a wide set of out-of-the-box industry-specific decoy templates, the game-changing build-your-own-trap (BYOT) feature, and DeceptionNet, a powerful user community that allows sharing of new decoy types.
To learn more, please keep an eye out for my next blog: Key Takeaways from Gartner on Deception Technology — Part Three: Deception vs. Alternative Detection Approaches.