
Securing Your Digital Transformation Means Adding Layers

JIM GILLESPIE – GRAYMATTER CEO


James Gillespie is the co-founder and CEO of GrayMatter, a Pittsburgh-based technology company that provides consulting and implementation services to help industrial organizations transform their operations and empower their people.

An onion is the go-to analogy when describing a Defense in Depth approach to industrial cybersecurity.

Cut through one defense, and there’s another layer of protection. It’s no doubt a strong defensive posture, but it also gives ground to bad actors willing to passively observe your network before attempting to penetrate it.

Why not build a cybersecurity strategy that starts with some subterfuge and adds some offense to those many defensive layers?

That’s the idea behind deception technology for cybersecurity, or what GrayMatter calls our deception-as-a-service offering, deceptionGUARD. The technology creates a false impression for would-be cybersecurity threats by using virtual decoys and sirens.

The approach is effective because many cybersecurity threats are opportunistic attempts that probe at random for weaknesses at the very edge of an organization’s network, rather than a targeted attack.

Cybercriminals or nation-state actors use tools to scan passively for easy and potentially high-value wins (think: U.S.-based IP addresses). Firewall geo-filters can fend them off for a while, but eventually, they’ve done enough reconnaissance and created enough proxies to learn what triggers a dropped connection on your network.

There’s no reason to spot them that advantage, especially when the NSA and CISA are warning U.S. companies to take “immediate actions” to reduce the vulnerabilities of their internet-accessible operational technology and Industrial Control Systems, and to train employees working from home about the dangers of ransomware and spearphishing attacks.

 

How deceptionGUARD Works

Decoys are deployed at the network edge to augment your firewall defense layer and penetration resistance. From the outside, they appear to be available, connected devices such as PLCs.

In fact, they’re virtual facsimiles that aren’t intended to receive any network traffic unless an attack is occurring. If they receive traffic, the technology knows immediately that something isn’t right.

Sirens mimic network traffic, giving the outward appearance of legitimacy without exposing any real assets or data to a potential threat.

Not only is the perimeter reinforced with another proactive layer, but if somehow a threat manages to make its way onto your OT network through a side window (think outside contractor, USB stick or employees clicking a phishing email), there is a series of virtual tin cans tied to string and bear traps to alert you and shut down malware.

This layering is critical to stopping the new threats of ransomware.

With deceptionGUARD, every time a threat scans an organization’s network, it receives false information that looks legitimate. Since the decoys and sirens are lightweight and software-based, their configurations are easy to change, so a bot doing a reconnaissance sweep sees something different every time.

Plus, with every attempt, deceptionGUARD learns.

It creates a new rule to block the threat and does it automatically, which a firewall can’t do. The more attempts, the stronger the blocking rule. One of our clients says that this approach saves their facility every day.
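The decoy principle and the automatic blocking described above, sketched as an added example (not GrayMatter's or deceptionGUARD's code): any flow addressed to a decoy is an alert, and each offending source gets a block rule. The log format, the addresses, and the doubling block duration used to model a "stronger" rule are all assumptions.

```python
import ipaddress
from collections import Counter

# Constructed values: decoy addresses that no legitimate host should contact.
DECOYS = {ipaddress.ip_address(a) for a in ("192.0.2.10", "192.0.2.11")}
BASE_BLOCK_MINUTES = 15  # assumption: block duration doubles per repeat hit

# Constructed flow-log lines: "<ISO time> <src> <dst> <dst_port>"
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 198.51.100.7 192.0.2.10 502
2024-05-01T10:00:02Z 10.0.0.5 10.0.0.20 443
2024-05-01T10:00:09Z 198.51.100.7 192.0.2.11 44818
2024-05-01T10:01:30Z 203.0.113.44 192.0.2.10 102
2024-05-01T10:02:00Z 198.51.100.7 192.0.2.10 502
malformed line
"""

def parse_line(line):
    """Return (time, src, dst, port) or None for lines that do not parse."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (parts[0], ipaddress.ip_address(parts[1]),
                ipaddress.ip_address(parts[2]), int(parts[3]))
    except ValueError:
        return None

def decoy_hits(log_text):
    """Every flow whose destination is a decoy is an alert; no threshold."""
    flows = (parse_line(l) for l in log_text.splitlines())
    return [f for f in flows if f and f[2] in DECOYS]

def block_rules(hits):
    """One rule per source; duration escalates with the number of hits."""
    counts = Counter(src for _, src, _, _ in hits)
    return {str(src): BASE_BLOCK_MINUTES * 2 ** (n - 1)
            for src, n in counts.items()}

if __name__ == "__main__":
    hits = decoy_hits(SAMPLE_LOG)
    for ts, src, dst, port in hits:
        print(f"ALERT {ts} {src} touched decoy {dst}:{port}")
    for src, minutes in sorted(block_rules(hits).items()):
        print(f"BLOCK {src} for {minutes} min")
```

Because a decoy has no legitimate clients, the detector needs no baseline or threshold: the single internal flow to a real host is ignored, and the malformed line is skipped rather than crashing the run.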

That’s just the first layer, but it’s critical. Many companies rely on network micro-segmentation and hardening to protect internet-accessible devices on an Industrial Control System, but those tools alone aren’t always enough. 

By definition, they’re reacting to threats rather than anticipating them, as deception technology does. A deception-as-a-service approach addresses threats early in the so-called cybersecurity kill chain, meaning the threat ends at layer one instead of layer two, three or four.

So, instead of visualizing an onion sitting on a wooden cutting board, as I think many of us do, imagine it’s still growing.

It’s adding layers, and it’s not on a cutting board. It’s still in the ground, covered up, undetected.

