They say the best defense is a good offense. When it comes to IT security, however, IT organizations can only take the good offense so far before they wind up breaking the law themselves. But that doesn't mean they need to idly stand by and suck up attack after attack. Instead, they can disrupt the attacks on their IT systems in a way that eliminates the economic incentive for launching those attacks in the first place.
To give IT organizations the tools they need to disrupt attacks, Mykonos Software created a security appliance that detects when scripts used by botnets are accessing files on a site. It also detects the scanners that hackers use to identify vulnerabilities and overwhelms them with fake data, keeping track of the devices that were used to generate those attacks. It even gives attackers access to passwords that provide them with reams of fake data that they would need to manually sort through to find anything useful.
According to David Koretz, president and CEO of Mykonos Software, the basic idea is to use deception to make it impossible for hackers to leverage automation in any meaningful way. Once that is accomplished, it's no longer economically attractive to manually hack a website looking for a vulnerability to exploit. Now Mykonos is extending the scope of its security approach to include applications running on the Amazon cloud service.
What Mykonos is doing, says Koretz, is overwhelming hackers who are using any number of automated tools with a sea of garbage data. Sorting through all that data becomes too time-consuming for the hackers, who wind up not being able to make as much money because they have to rely on manual processes to discover vulnerabilities. As a result, Koretz says the profit motive for hacking a particular site or application is sharply reduced. Koretz maintains that this deceptive approach is far more effective than relying on antivirus and firewall technologies that are built around castle-and-moat approaches to security that can't respond to threats in an age when there is no such thing as an enterprise perimeter.
While leveraging the information gathered by Mykonos theoretically makes it possible to go on the offensive, Koretz cautions customers not to take the law into their own hands. That's especially important, adds Koretz, at a time when it's not clear which attacks are being sponsored by nation states, a situation in which an IT organization could suddenly find itself creating an international incident.
But there is a world of difference between not returning an attack in kind and turning the proverbial other IT cheek. At least IT organizations now have some other options.