Abstract

This paper explores the cyber-deception-based approach and designs a novel conceptual model of hybrid threats that includes deception methods. Security programs primarily focus on prevention-based strategies aimed at stopping attackers from getting into the network. These programs rely on hardened perimeters and endpoint defenses that recognize and block malicious activity in order to detect and stop attackers before they get in. Most organizations implement such a strategy by fortifying their networks with defense-in-depth through layered prevention controls. Detection controls are usually placed to augment prevention at the perimeter and are not as consistently deployed for in-network threat detection. This architecture leaves detection gaps that are difficult to fill with existing security controls not specifically designed for that role. Rather than relying on prevention alone, a strategy that attackers have consistently succeeded against, defenders are adopting a more balanced strategy that includes detection and response. Most organizations deploy an intrusion detection system (IDS) or next-generation firewall that picks up known attacks or attempts to identify them by pattern matching. Other detection tools use monitoring, traffic, or behavioral analysis. These reactive defenses are designed to detect an attack only once it is already under way, and they often fail. They also have limitations because they are not designed to catch credential harvesting or attacks that appear to be authorized access. They are also often seen as complex and prone to false positives, adding to analyst alert fatigue. The security industry has focused recent innovation on finding more accurate ways to recognize malicious activity with technologies such as user and entity behavioral analytics (UEBA), big data, artificial intelligence (AI), and deception.

Highlights

  • The goal of this paper is to construct a novel Hybrid Threats Model and investigate the cyber deception approach for threat detection using deception-based methods. As companies adjust their business models and explore digitization opportunities, new risks arise, and companies can become more vulnerable to cybersecurity threats

  • Cyberspace is the fifth domain of operations, alongside the domains of land, sea, air, and space: the successful implementation of EU missions and operations is increasingly dependent on uninterrupted access to secure cyberspace and requires robust and resilient cyber operational capabilities [28]

  • The future of warfare will be in a digitalized multi-domain environment, which needs new doctrines [57,58] for the conduct of operations

Summary

Introduction

The goal of this paper is to construct a novel Hybrid Threats Model and investigate the cyber deception approach for threat detection using deception-based methods. As companies adjust their business models and explore digitization opportunities, new risks arise, and companies can become more vulnerable to cybersecurity threats. Organizations can view their impact on the business and prioritize their replacement. Another important aspect of mitigating the cybersecurity risk is creating reference architecture models that integrate regulatory and company policy requirements. Adding a new capability to a security stack can come with complexity as security teams work to incorporate the solution into their operations. This is generally not the case with a deception platform. The approach itself is open for enlargement, dynamic adjustments, and extensions needed to fulfill business and cybersecurity system needs.

Basic Notions on Cyber Deception
Cyber Attacks and New Cyber Threats
Cyber Deception Approach
Hybrid Threats Model
Resilience
Baseline Requirements
Ensuring Coherence of Effort
Hybrid Warfare
Hybrid Threats Model Components
Cyber Resilience
Further Development of Cyber Deception
Military Education for Cybersecurity
The Attack Cycle
Deception Goals
Types of Deception Technology
Network Deception
Endpoint Deception
Application Deception
Data Deception
Deception and the Attack Cycle
Advanced Deception for an Active Defense
The Defender’s Edge
Deception for Accelerating Incident Response
Deception for Identification and Prevention
Advanced Deceptions and Detection
Conclusions