Rapid7

Deception Technology Solutions

Learn the tricks, traps, and technology to reliably detect intruders earlier in the attack chain.

What Are Deception Technology Tools?

Deception technology aims to deceive attackers by distributing a collection of traps and decoys across a system's infrastructure to imitate genuine assets. If an intruder triggers a decoy, the server will log and monitor the attack vectors used throughout the engagement.

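The Importance of Deception Technology

As attack vectors become increasingly complex, organizations need to be able to detect suspicious activity earlier in the attack chain and respond accordingly. Deception technology provides security teams with a number of tactics and resulting benefits to help:

  • Reduce the time attackers dwell on their network
  • Expedite the average time to detect and remediate threats
  • Reduce alert fatigue
  • Generate metrics around indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs).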

In incident detection and response, time and context are crucial. And yet many detection solutions wait until critical assets have been compromised to send an alert, while others—like those that only analyze log and network data—can’t provide important details, like how the attacker got in, or where they’re headed next. Kind of makes planning a response, well, pretty darn impossible.

InsightIDR, Rapid7’s incident detection and response solution, can help close these gaps in detection. How? By giving attackers an offer they can’t refuse. Using advanced deception technology powered by a deep understanding of attacker behavior, InsightIDR sets irresistible traps to draw out malicious behavior earlier in the attack chain and buy your team the time and insight needed to respond effectively.

Weave intruder traps into your larger monitoring strategy

Pick your poison: InsightIDR offers four types of intruder traps to detect attackers earlier during network recon and lateral movement, before critical data is stolen. All four – honeypots, honey users, honey credentials, and honey files – are quick to set up and built using continuous attacker research from the Metasploit project, as well as our pen-testers and 24/7 Security Operations Center (SOC). And since InsightIDR combines this deception technology with user behavior analytics and endpoint detection, you can be sure it will detect intruders across the entire attack chain.

Easily deploy and manage multiple honeypots

When an attacker first lands on your network, it's a beautiful thing. Why? It’s one of the rare moments you actually have the upper hand. And InsightIDR’s honeypots can help you make the most of it. Here’s how it works: Attackers use internal reconnaissance, such as network scans, to determine where to move laterally next.

“Sticky honeypots,” decoy machines/servers set to listen on the network, detect the use of Nmap and other scanning tools to alert you to an attacker’s presence. Traditionally, honeypots have been difficult to set up and centrally manage, but with InsightIDR, it’s easy to deploy one or multiple across your network.

Detect password guessing attempts with honey users

Once an attacker has internal access to your network, they may attempt a vertical brute force, querying Active Directory to see the full list of users and try a small number of commonly used passwords across those accounts. Would your monitoring solution detect this today? InsightIDR helps detect password guessing attempts by enabling you to define a honey user, such as PatchAdmin, and get alerted on any authentications to that decoy account.
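The honey-user idea described above, sketched as an added example (not Rapid7 or InsightIDR code): it scans authentication events for any logon to the decoy account and also flags a single source failing across many accounts. The CSV layout, the `analyze` function, the threshold and the sample lines are assumptions constructed for illustration.

```python
import csv
from collections import defaultdict
from io import StringIO

HONEY_USERS = {"patchadmin"}      # decoy account from the text; nobody legitimately uses it
FAILED, SUCCESS = "4625", "4624"  # Windows Security logon failure / success event IDs

# Constructed sample export (assumed columns: time, event_id, source_ip, account).
SAMPLE_LOG = r"""
2024-05-01T09:00:01Z,4624,10.0.4.21,CORP\alice
2024-05-01T09:02:10Z,4625,10.0.4.21,CORP\alice
2024-05-01T09:14:30Z,4625,10.0.7.99,CORP\alice
2024-05-01T09:14:31Z,4625,10.0.7.99,CORP\bob
2024-05-01T09:14:33Z,4625,10.0.7.99,CORP\carol
2024-05-01T09:14:34Z,4625,10.0.7.99,CORP\PatchAdmin
2024-05-01T09:14:36Z,4625,10.0.7.99,CORP\dave
"""

def analyze(log_text, spray_threshold=4):
    """Return alerts for honey-user logons and for one source failing across many accounts."""
    failed_by_source = defaultdict(set)
    alerts = []
    for row in csv.reader(StringIO(log_text)):
        if len(row) != 4 or row[1] not in (FAILED, SUCCESS):
            continue                            # skip blank lines and unrelated events
        ts, event_id, src, account = row
        user = account.split("\\")[-1].lower()  # drop the DOMAIN\ prefix
        if user in HONEY_USERS:
            # Any authentication to the decoy is suspicious, even a single attempt.
            alerts.append({"type": "honey_user_auth", "time": ts, "source": src,
                           "account": user, "success": event_id == SUCCESS})
        if event_id == FAILED:
            failed_by_source[src].add(user)
    for src, users in failed_by_source.items():
        if len(users) >= spray_threshold:
            alerts.append({"type": "password_spray", "source": src,
                           "distinct_accounts": len(users),
                           "hit_honey_user": bool(users & HONEY_USERS)})
    return alerts

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

The honey-user alert fires on a single attempt, so it still catches guessing that stays below the distinct-account threshold.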

Catch the use of stolen credentials, including pass-the-hash

Once an attacker compromises an endpoint, they can extract password hashes and even cleartext credentials, without the need for external malware. While endpoint detection and response solutions may be able to identify privilege escalation and other malicious exploits, the question remains: What did the attacker do from there?

InsightIDR not only provides real-time endpoint detection, but also injects fake honey credentials on your endpoints to deceive attackers. If this credential is used anywhere else on the network, such as with pass-the-hash, you’ll be automatically alerted.

Get file-level visibility without the management headache

Once an attacker has access to confidential materials, the next step is getting it off the network—typically by zipping and copying the files to an external drop server or stolen cloud storage account. Because this exfiltration typically occurs over HTTP/HTTPS, it’s difficult to detect with firewalls and existing monitoring solutions.

With InsightIDR, you can specify a honey file in a critical directory. All actions taken on this file – including opening, editing, and copying – are monitored, giving you file-level visibility without the effort of deploying a standalone file integrity monitoring solution.

InsightIDR: Your top choice for Deception Technologies

InsightIDR offers four types of intruder traps to detect attackers earlier during network recon and lateral movement, before critical data is stolen. All four – honeypots, honey users, honey credentials, and honey files – are quick to set up and are built from continuous attacker research from the Metasploit project.

InsightIDR deception technology leaves attackers with nowhere to hide
