Optimise your cyber security posture with active cyber defence
Attacking the attackers with active cyber deception.
Cyber-criminals are getting more sophisticated and savvy by the day. Businesses suffered 50% more cyberattack attempts per week in 2021 than in the previous year, and a recent study reveals that cybercriminals could potentially penetrate 93% of company networks.
Fortunately, just as cybercriminals’ techniques are becoming smarter and more diverse, so are the ways of defending against them. So how can you ensure the most active defence?
Here’s a quick overview, as covered in our recent webinar: Attacking the Attackers with Cyber Defence. In this live session, our Cybersecurity Product Manager, Peter Baliva, joined me as we shared insights on cyber defence, cyber deception and disrupting the OODA loop. We also outlined the cyber-defence quadrant, the role of the MITRE™ Engage framework, and provided a demo of how the Macquarie Cloud Services solution can help.
What role does active defence play in cyber security?
Essentially, active defence in cyber security refers to the use of ‘asymmetric defences’ – that is, defences that increase costs for cyber-adversaries and reduce costs for cyber-defenders.
We often like to compare it to the tactics used by Macaulay Culkin’s character Kevin, in the movie Home Alone. When the burglars attempt to enter Kevin’s family home, he deploys a series of intelligent traps to confuse, frighten and frustrate them – eventually sending them fleeing. The same principle applies with an active defence cyber security strategy: we deploy smart and carefully considered techniques to confuse and frustrate attackers at their own game.
5 key principles of cyber defence.
Cyber deception is a strategy recommended by MITRE Engage™, which is a framework for planning and discussing adversary engagement operations. It empowers organisations to engage with adversaries and achieve their cybersecurity goals.
MITRE Engage™ is a defensive framework that complements MITRE ATT&CK® – a globally accessible knowledge base of adversary tactics and techniques – to beat attackers at their own game.
Here at Macquarie Cloud Services, we believe cyber defence must be:
- Proactive – anticipates the adversary’s approach and deploys proactive countermeasures in advance, forcing them to react to us.
- Asymmetric – employs the Pareto principle: we deploy the least cost/effort defences to deliver the highest compounding impact on the adversary.
- Engaging – actively engages the adversary instead of responding passively (though we do exercise more aggressive options when the attacker is within our own perimeter).
- Disruptive – negates the adversary’s standard playbook, limits their options, influences their decision-making and frustrates their tooling.
- Human threat-focused – considers a thinking, adaptive human adversary as the centre of defensive strategy.
What is cyber deception?
Cyber deception is a type of cyber defence built on a principle militaries have used since the dawn of time.
It’s the deliberate and calculated process of deceiving attackers to wage a better defence. The aim is to slow attackers down, confuse and deceive them to make them work harder, and significantly increase the chances of detection.
It’s important to remember that cyber deception doesn’t replace other efforts or layers of defence – but should actually complement and feed these.
Where and how do we use cyber deception?
Let’s start with the OODA loop.
The OODA loop (Observe, Orient, Decide, Act) is a process for making decisions in critical, high-stakes situations. It was first developed by military strategist and United States Air Force Colonel John Boyd.
The OODA loop is also used by many cyber criminals as a way of fine-tuning their attacks. Many cyber defence strategies are therefore now focused on disrupting the OODA loop – targeting attackers at critical points of their decision-making.
Examples of techniques that can be used to disrupt this loop include:
- Bcrypt – this technique anticipates that adversaries will have access to vastly improved computing power and allows defenders an asymmetric, low-effort way of remaining secure.
- Deception – anticipates the adversary’s possible motives and paths, and actively engages them to manipulate their decision-making.
- Attacker engagement – disrupts the post-breach attacker’s information and available options. Anticipates that the attackers will adapt and plan ahead to force their decision-making.
- Threat hunting – anticipates where an adversary will be in the network and proactively looks for evidence to support a detection.
- Threat intelligence creation – proactively gathers intelligence on organisation-specific adversaries and threats in order to better engage and disrupt specific rather than generic threats.
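A concrete illustration of the deception and attacker-engagement points above: decoy (honeytoken) accounts are seeded so that no legitimate process ever uses them, which turns any authentication attempt against one into a high-confidence detection. This is an added example written for this article, not code from Macquarie Cloud Services or MITRE Engage; the log format, decoy account names and sample log lines are all constructed for the demonstration.

```python
"""Decoy-account detection over authentication logs (constructed example)."""
import re
from dataclasses import dataclass

# Decoy accounts seeded into the estate (constructed names). Nothing legitimate
# authenticates as these, so any attempt is a signal rather than noise.
DECOY_ACCOUNTS = {"svc_backup_legacy", "finance_admin2"}

# Constructed log format: "<timestamp> auth <SUCCESS|FAILURE> user=<name> src=<ip>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>SUCCESS|FAILURE) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

@dataclass(frozen=True)
class Alert:
    ts: str
    user: str
    src: str
    result: str
    severity: str

def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_LINE.match(line.strip())
    return m.groupdict() if m else None

def detect_decoy_use(lines, decoys=DECOY_ACCOUNTS):
    """Emit one alert per authentication attempt against a decoy account."""
    lowered = {d.lower() for d in decoys}
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["user"].lower() not in lowered:
            continue  # malformed line or legitimate account: no alert
        # A failed attempt shows the decoy was harvested; a success means the
        # planted credential itself is in the adversary's hands.
        severity = "critical" if rec["result"] == "SUCCESS" else "high"
        alerts.append(Alert(rec["ts"], rec["user"], rec["src"], rec["result"], severity))
    return alerts

def sources_to_contain(alerts):
    """Distinct source addresses that touched a decoy: candidates for isolation."""
    return sorted({a.src for a in alerts})

# Constructed sample log: two hosts probe the decoys amid normal activity.
SAMPLE_LOG = [
    "2024-05-01T09:12:03Z auth SUCCESS user=alice src=10.0.4.21",
    "2024-05-01T09:14:55Z auth FAILURE user=svc_backup_legacy src=10.0.9.77",
    "2024-05-01T09:15:01Z auth SUCCESS user=SVC_BACKUP_LEGACY src=10.0.9.77",
    "2024-05-01T09:16:40Z auth FAILURE user=bob src=10.0.4.30",
    "not a well-formed auth record",
    "2024-05-01T09:20:12Z auth FAILURE user=finance_admin2 src=10.0.9.78",
]
```

Running `detect_decoy_use(SAMPLE_LOG)` yields three alerts (one of them critical) from two source addresses, while the legitimate logins and the malformed line produce nothing.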
How can our cyber security services help?
The team at Macquarie Cloud Services has been helping manage organisations’ security for over 20 years, and we are experts in cyber security, cyber deception and active defence – in line with the MITRE Engage™ and MITRE ATT&CK® frameworks.
Our Managed SOC and SIEM service can protect your organisation from today’s threats on an ongoing basis – leveraging the latest techniques like cyber defence and cyber deception. We’ll advise, implement and monitor solutions on your behalf, and you’ll have access to our security experts, so you’re never on your own.
If you’re interested in learning more about our cyber security services or about cyber defence and cyber deception, please don’t hesitate to get in touch.
You can also watch the full webinar here.