Intelligent Adversary Engagement: Deceiving the Attacker


Traditional security isn’t always enough to keep attackers at bay. When it comes to sneaking into networks, detection often only comes after malicious traffic reaches systems such as next-generation firewalls and intrusion detection and prevention systems. Until then, threat actors have free rein. But if you can trick the attacker who is attempting to trick you, it’s a different story.


The first response after detection is often to remove the compromised systems and disable the breached user accounts. The idea is to cut down on further problems and limit any existing risk. Sadly, this approach leaves you with only the artifacts and logs that the attackers decided to leave behind.


Engaging with the attacker will allow you to get more insight into their goals, techniques, tactics and attack paths. You can then use this to strengthen your existing defenses and prevent this specific actor from using the same techniques again.


Intelligent Adversary Engagement


You can choose from multiple tools and frameworks when setting up a strategic adversary engagement. One of these is MITRE Engage, a framework created specifically for discussing and planning responses to an attacker, covering engagement, deception and denial. Let’s look at a few notable techniques used to engage with threat actors.


Honeypots


Honeypots mimic real systems with the goal of attracting and detecting malicious actors in your infrastructure. Think of them as the digital version of bait cars. Honeypots allow system admins and other cybersecurity personnel to detect the techniques and tactics used to compromise systems.
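As an added example (not code from the original article), here is a minimal low-interaction honeypot in Python: it listens on a decoy port, answers with a constructed SSH-style banner, and turns every connection into a detection event that a defender could forward to a SIEM. The banner text, the loopback port choice and the `simulated_probe` helper are assumptions made for illustration.

```python
import queue
import socket
import threading
from datetime import datetime, timezone

# Constructed banner: a low-interaction decoy only needs to look plausible; it runs no real SSH service.
FAKE_BANNER = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n"


class LowInteractionHoneypot:
    """Decoy listener: answers with a fake banner and records every connection as a detection event."""

    def __init__(self, host="127.0.0.1", port=0):  # port 0: let the OS pick a free port
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind((host, port))
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        self.events = queue.Queue()  # a real deployment would forward these to a SIEM
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            conn, addr = self.sock.accept()
            threading.Thread(target=self._handle, args=(conn, addr), daemon=True).start()

    def _handle(self, conn, addr):
        with conn:
            conn.settimeout(2.0)
            conn.sendall(FAKE_BANNER)
            try:
                data = conn.recv(256)  # the first bytes are enough to classify the probe
            except OSError:  # silent or reset connection: still a detection, just with no payload
                data = b""
        self.events.put({
            "time": datetime.now(timezone.utc).isoformat(),
            "src_ip": addr[0],
            "src_port": addr[1],
            "first_bytes": data[:64],
            # Any contact with a decoy is suspicious; a client banner means an SSH tool, not a stray TCP probe
            "verdict": "ssh_client_banner" if data.startswith(b"SSH-") else "connect_only",
        })


def simulated_probe(port, payload=b""):
    """Stand-in for a scanner (used by the test): connect, read the banner, send payload, disconnect."""
    with socket.create_connection(("127.0.0.1", port), timeout=2.0) as s:
        banner = s.recv(256)
        if payload:
            s.sendall(payload)
    return banner
```

Because no legitimate client has any reason to talk to the decoy, every event is high-signal; the `verdict` field separates a bare port scan from a tool that completed the banner exchange.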


Note the difference between high- and low-interaction honeypots. Low-interaction honeypots will help you det ..
