New Times,
New Thinking.

Advertorial: in association with Fortinet
  1. Spotlight on Policy
  2. Tech and Regulation
  3. Cybersecurity
9 January 2023updated 12 Oct 2023 10:40am

How deception can become your friend

Reconnaissance is an essential part of any cybersecurity strategy, and decoys are key.

By Kash Valji

What’s your own professional background and your role at Fortinet?

I’m a Director of Consulting Systems Engineering. I have been involved in the technical parts of the business for many years, but my team and myself are also an interface between Fortinet’s outward-looking side – doing exhibitions, conferences and that kind of thing – and the actual product teams. My team specialises in advanced threat protection – we do sandboxing, where we test code in an isolated, safe environment that mimics an actual network, and we look at advances in AI and machine learning technology, basically anything that’s labelled an advanced threat.

There are a lot of grey areas in cybersecurity. A lot of my role is centred around helping protect us from things that we don’t quite fully understand yet.

What does the contemporary cyber threat landscape look like?

Free White Paper

Protecting Every Edge To Make Hackers’ Jobs Harder, Not Yours

Enter your details to receive the free paper:

One thing we’ve seen evolve quickly on the cyber attackers’ side is the level of automation they’re using. Automated malware creation and deployment tools along with the dark web have created easy-to-use products and a really accessible marketplace for cyber criminals.

There was a time where you needed a certain level of technical skill to engage in cyber-crime, but nowadays the head of operations in non-state cyber crime organisations are often non-technical. Cyber criminal gangs are applying a business model to their enterprise rather than a technical one. But it’s the lack of technical ability or lapse in concentration that often leads to their downfall.

The stereotypical profile of the hacker still exists and those individuals are still out there. It’s those highly capable, lone-wolf, computer-obsessed youngsters in their parents’ spare bedroom. But those guys and gals don’t really have an interest in spending the huge stash of cryptocurrency they often make from cyberattacks – they’re just doing it to prove it can be done and, quite often, to satisfy their own curiosity.

We’re seeing a lot of nation state-sponsored attacks as well. Such attacks are usually about targeting specific intellectual property, going after chip manufacturers etc., or targeting critical national infrastructure and government institutions in countries that are hostile to their own particular worldview.

Another phenomenon we witnessed during lockdown was a lot of attacks against higher education. State-sponsored cyber criminals were going after the universities to try and steal the intellectual property associated with their vaccine research.

But most governments now have some sort of established cybersecurity arm and they are using automation to go out there and look out for threats themselves. You sometimes see cases where a normally benign state actor has probed the network of a private customer or client, but it’s just a by-product of this automation – they didn’t set out to intentionally breach the organisation’s security.

On top of all that, we’ve got a huge cybersecurity skills gap. That’s a real problem. Our partners can’t hire skilled staff fast enough to stay on top global digital transformation. Today’s working from home culture has presented new problems for a lot of companies. Training IT teams and keeping entire workforces up to date to make sure this work-from-anywhere model is safe has been a challenge for a lot of businesses and public sector organisations.

How can we best protect against these threats?

A key area that I work in is in deception technology. Think of it using a traditional warfare metaphor: sometimes decoys and ghost armies will be deployed, soldiers or assets and equipment will be used as bait introduced onto a battlefield to confuse the enemy. We’re using the same principle in cyber warfare.

Part of the protection for critical national infrastructure such as water distribution, energy grids, transport and communications networks, is the decoy. Let’s say a piece of critical infrastructure is being targeted by cyber criminals. We employ deception technology to mimic the infrastructure network, a sophisticated copy essentially, that looks just like the servers and networks used to control a major water pump, a pipeline, thermometer gauges, a reservoir, a hydroelectric plant – whatever the infrastructure is. These decoys are fake digital assets that look just like your real asset. We create them with a slight vulnerability, we make them slightly outdated and unpatched – not too much, as we don’t want to give the game away – in order to entice the potential attackers. What we’re doing is deceiving bad actors into engaging with and attacking fake servers, giving them access to things that don’t threaten your real network.

Once threat actors have interacted with the decoy system, we can sound the alarm, start locking down and ejecting them, and we can alert other systems and users to the breach. Alternatively, we can lay low and monitor their behaviour. This is the reconnaissance part of a full cybersecurity defence strategy. We can see what they’re doing, the tools they are utilising and how they behave. We can learn about their methods and their own vulnerabilities, see what’s going on behind the curtain. What are their intentions? What are they after? Are they interested in intellectual property theft? Is it spyware, malware, ransomware?

In that way, deception technology can help you see who these threat actors are and learn from them. It’s a great supplementary reconnaissance tool.

What other activities is Fortinet involved in that protects against emerging threats?

Any threat information that we build up, we make accessible through our Security Fabric. Cybersecurity is very collaborative as an industry and Fortinet are not hoarding the information we gathering. We’re working with some of our most serious competitors, some of whom we established the Cyber Threat Alliance with. If we’ve learnt something bad, we specialise in concisely contextualising the threat for our customers and partners, so they know exactly what to expect and how to respond.

That really is the way forward, because the key to any joined up defensive cybersecurity strategy is collaboration.

Kash Valji is Director of Consulting Systems Engineering at Fortinet

Topics in this article : ,