Deception is quickly emerging as one of the most innovative and effective ways to protect a network. It’s an idea that occupies a sensible middle ground in the spectrum of cybersecurity tactics. Instead of merely reacting to an attack in progress, or aggressively “hacking back”, deception allows enterprises to protect themselves by diverting the attack into a walled off zone. When attackers try to use harvested credentials to infiltrate a network, they’re actually being examined and identified.
Implementing deception technology requires the creation of a network that appears real enough to fool attackers. Generating the appropriate level of credibility usually means mixing real network data with markers which allow security administrators to discover and track malicious actors. At a practical level, that requires a certain level of coordination between the security teams implementing deception technology and the network teams which control the network architecture.
The general rule of thumb for deception is that the less people know about it, the better. Since attacks from insiders are a constant challenge, it’s important that knowledge of deception technology is limited to a small group of administrators. The need for network resources to build out a realistic-looking environment unfortunately runs counter to this goal.
The illusion of the real
Illusive’s ersatz networks deploy on endpoints and strategic intersections of network activity. In these places, Illusive will associate a real IP address with a fake Active Directory profile. If a malicious actor sends a DNS query to the deceptive IP address, the query will be directed to a trap server, which then produces a notification for the security team.
Ordinarily, Illusive needs help from the network team to build out these connections. For every endpoint or strategic juncture they protect, they have to request an IP address from the network teams. That’s usually a manual process – one which slows down deployments and prevents timely expansion to newer areas of the network. Even worse, it involves notifying the network team when and where Illusive’s technology is deployed – hardly an ideal situation.
The automation factor
Using BlueCat’s Adaptive DNS platform, Illusive takes advantage of automated IP address provisioning to speed up deployments and minimize the number of administrators who are aware that deception is in use.
Reaching into the single source of truth for IPAM data, Illusive uses BlueCat’s API to automatically provision IP addresses for use in creating deceptive environments. Network administrators know that an IP address is assigned, and ultimately regulate the pool those addresses come from – an essential control which prevents duplicate assignments and network outages. At the same time, network administrators aren’t tipped off to how the IP address will be used, limiting the scope of knowledge to essential personnel only.
By integrating with BlueCat’s Adaptive DNS on the back end, Illusive makes its own deployments more dynamic, flexible, and reliable. It can spin up or wind down deception on the fly, without the need to constantly submit help desk tickets to the network team. Illusive’s customers in turn are ensured that every IP address used for deception won’t cause a devastating network conflict.
How to get it
Illusive’s integration with BlueCat is available now. You can access it within the Illusive solution, either from the dashboard or through the API repository. There you’ll find all the details about how to connect the two platforms.
Flailing in the cloud?
Seven in 10 enterprises struggle to realize the full value of their cloud investments. New research by Enterprise Management Associates explains why and how to change that.
5 IT pros on joining enterprise and cloud provider DNS
Networking pros explore integrating enterprise and cloud DNS during the fifth Critical Conversation on Critical Infrastructure hosted in Network VIP.
DNS sinkhole: A tool to help thwart cyberattacks
A DNS sinkhole supplies a false domain name in response to a DNS query, preventing connections to malicious or unwanted domains. Learn more with BlueCat.
Four major DNS attack types and how to mitigate them
In a DNS attack, DNS is compromised or used as a vector. Learn about the different attack types and how to prevent, detect, and mitigate them with BlueCat.
Our analysis: Gartner’s DNS security best practices
BlueCat has long known what Gartner now says: Your network needs DNS security. Learn how DNS data logs, threat feeds, and setting policies can help.