Deception is quickly emerging as one of the most innovative and effective ways to protect a network. It’s an idea that occupies a sensible middle ground in the spectrum of cybersecurity tactics. Instead of merely reacting to an attack in progress, or aggressively “hacking back”, deception allows enterprises to protect themselves by diverting the attack into a walled off zone. When attackers try to use harvested credentials to infiltrate a network, they’re actually being examined and identified.
Implementing deception technology requires the creation of a network that appears real enough to fool attackers. Generating the appropriate level of credibility usually means mixing real network data with markers which allow security administrators to discover and track malicious actors. At a practical level, that requires a certain level of coordination between the security teams implementing deception technology and the network teams which control the network architecture.
The general rule of thumb for deception is that the less people know about it, the better. Since attacks from insiders are a constant challenge, it’s important that knowledge of deception technology is limited to a small group of administrators. The need for network resources to build out a realistic-looking environment unfortunately runs counter to this goal.
The illusion of the real
Illusive’s ersatz networks deploy on endpoints and strategic intersections of network activity. In these places, Illusive will associate a real IP address with a fake Active Directory profile. If a malicious actor sends a DNS query to the deceptive IP address, the query will be directed to a trap server, which then produces a notification for the security team.
Ordinarily, Illusive needs help from the network team to build out these connections. For every endpoint or strategic juncture they protect, they have to request an IP address from the network teams. That’s usually a manual process – one which slows down deployments and prevents timely expansion to newer areas of the network. Even worse, it involves notifying the network team when and where Illusive’s technology is deployed – hardly an ideal situation.
The automation factor
Using BlueCat’s Adaptive DNS platform, Illusive takes advantage of automated IP address provisioning to speed up deployments and minimize the number of administrators who are aware that deception is in use.
Reaching into the single source of truth for IPAM data, Illusive uses BlueCat’s API to automatically provision IP addresses for use in creating deceptive environments. Network administrators know that an IP address is assigned, and ultimately regulate the pool those addresses come from – an essential control which prevents duplicate assignments and network outages. At the same time, network administrators aren’t tipped off to how the IP address will be used, limiting the scope of knowledge to essential personnel only.
By integrating with BlueCat’s Adaptive DNS on the back end, Illusive makes its own deployments more dynamic, flexible, and reliable. It can spin up or wind down deception on the fly, without the need to constantly submit help desk tickets to the network team. Illusive’s customers in turn are ensured that every IP address used for deception won’t cause a devastating network conflict.
How to get it
Illusive’s integration with BlueCat is available now. You can access it within the Illusive solution, either from the dashboard or through the API repository. There you’ll find all the details about how to connect the two platforms.
Critical conversations on critical infrastructure
Find out how your peers are managing their networks through profound change. Watch this series of live interactive discussions with IT pros & join the debate in Slack.
BlueCat’s DDI Adaptive Plugins and Applications help IT teams better leverage ServiceNow, Ansible, Microsoft, and more
A growing suite of Adaptive Plugins and Applications will help automate existing BlueCat capabilities along with adjacent customer technologies.
Drive DNS automation with the BlueCat Ansible module
The BlueCat Ansible module makes it easy to use playbooks to provision DNS, DHCP, and IPAM resources.
BlueCat adds new capabilities to its DNS automation offering
With its new automation offering, BlueCat is rolling out new ways to orchestrate network functions and increase efficiency.
WFH, DOH & DNS: Keeping networks secure during unprecedented change
As we work from home, DOH (DNS over HTTPS) use is up by 1,500%. Learn what DNS tells us about network security and how BlueCat and Cisco Umbrella can help.