Tony Cole is well known in the federal cyber community. He has distinguished himself after a twenty-year career in the military, as well as by working with many leading vendors. Currently, he is the CTO of Attivo Networks.
The topic: how do you handle the fact that malicious actors are already inside the network? His company specializes in an approach technically called “engagement-based attack analysis.” You may want to call it setting a trap.
The idea is to set up a replica of your network that is so convincing that a malicious actor will enter the faux system and engage with it. When that happens, Attivo can track the actor's activities and learn their methods and tactics. Once an asset is “touched,” an alert goes off, and systems administrators are informed.
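The alerting step described above, sketched as an added example (not Attivo's code): any flow that reaches a decoy raises an alert for its source, and later touches from that source are kept as an activity trail. The decoy addresses and names, the log format, and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Hypothetical decoy inventory: addresses no real user or service should contact.
DECOYS = {"10.0.5.20": "decoy-fileserver", "10.0.5.21": "decoy-db"}

# Constructed flow records: ISO timestamp, source, destination, destination port.
SAMPLE_LOG = """\
2024-03-01T09:00:02 10.0.1.15 10.0.2.8 443
2024-03-01T09:04:40 10.0.1.77 10.0.5.21 1433
2024-03-01T09:01:10 10.0.1.77 10.0.5.20 445
not-a-flow-record
2024-03-01T09:07:55 10.0.1.15 10.0.2.9 22
2024-03-01T09:09:30 10.0.3.4 10.0.5.20 445
"""

def parse_flow(line):
    """Return (time, src, dst, port), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
    except ValueError:
        return None

def decoy_touches(log_text, decoys=DECOYS):
    """Group every contact with a decoy by source, in time order."""
    touches = defaultdict(list)
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow and flow[2] in decoys:
            when, src, dst, port = flow
            touches[src].append((when, decoys[dst], port))
    return {src: sorted(events) for src, events in touches.items()}

def alerts(log_text, decoys=DECOYS):
    """One alert per source: its first decoy touch and the full trail of touches."""
    out = []
    for src, events in decoy_touches(log_text, decoys).items():
        first = events[0][0].isoformat()
        trail = [f"{name}:{port}" for _, name, port in events]
        out.append({"source": src, "first_touch": first, "trail": trail})
    return sorted(out, key=lambda a: a["first_touch"])

if __name__ == "__main__":
    for alert in alerts(SAMPLE_LOG):
        print(alert)
```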
Over the years, this approach has been called a “honeypot.” It is not exactly a new concept for the military: trapping moves have been around since the Battle of Cannae.
Early honeypots were time-consuming and expensive to assemble. They were painstaking to construct and required hours and hours of a technician’s time. As a result, they were difficult to deploy and scale. The breakthrough from Attivo is that its approach gives you speed, flexibility, and scaling.