Breaking AI-driven attacks: Insights from the GigaOm Deception Technology Radar

1
00:00:03.460 –> 00:00:07.379
Chris Ray: Remind me, is this, going live, or is this pre-recorded only?

2
00:00:07.380 –> 00:00:13.759
Anand Akela: No, no, no. I’m going live, going live. In a second, in a minute, I will say start webinar at the top.

3
00:00:14.000 –> 00:00:19.819
Anand Akela: And we’ll get in there, and it will take another minute or so before, getting started, so I’ll…

4
00:00:24.360 –> 00:00:25.240
Anand Akela: Okay.

5
00:00:25.550 –> 00:00:29.100
Anand Akela: I am going to hit start webinar, but

6
00:00:59.620 –> 00:01:04.180
Anand Akela: Good morning, good afternoon. Let’s wait for a minute, or…

7
00:01:04.730 –> 00:01:07.560
Anand Akela: 90 seconds, before we get started.

8
00:01:36.180 –> 00:01:39.480
Anand Akela: We’re just waiting another 30 seconds,

9
00:02:21.470 –> 00:02:25.400
Anand Akela: Okay, let’s get started.

10
00:02:27.250 –> 00:02:37.950
Anand Akela: Good morning and good afternoon, everyone. My name is Anand Akela. I am Chief Marketing Officer at Acalvio Technologies. Today’s webinar is,

11
00:02:37.950 –> 00:03:02.129
Anand Akela: pretty much the insights from, GigaOm Deception Technology Radar, but we’ll put some context behind it, about, the AI-driven attacks and how, deception could, could help, break that, that kind of the whole AI-driven, challenges there. Our guest today is, Suril, if you could go to the next slide, please.

12
00:03:02.460 –> 00:03:12.830
Anand Akela: is Chris Ray, who is field CTO of GigaOm. He’s been doing that research on deception for a long time. This year, it was, version…

13
00:03:12.980 –> 00:03:14.670
Anand Akela: 5, Chris, right?

14
00:03:14.810 –> 00:03:15.830
Chris Ray: That sounds right.

15
00:03:15.830 –> 00:03:18.669
Anand Akela: Yeah, yeah, so welcome to the, webinar.

16
00:03:19.150 –> 00:03:20.419
Chris Ray: Thanks for having me, guys.

17
00:03:20.420 –> 00:03:22.080
Anand Akela: Alright, and

18
00:03:22.220 –> 00:03:30.210
Anand Akela: Our own Suril Desai, VP Detection Engineering, will be joining and, sharing some insights and showing demos.

19
00:03:30.220 –> 00:03:53.189
Anand Akela: Again, as the webinar goes, you know, please feel free to ask your questions using the Q&A button at the bottom of your screen, and we’ll answer it at the end of it. If there are some interesting questions and speakers feel like we can take it, but please, keep,

20
00:03:53.370 –> 00:03:59.280
Anand Akela: asking your questions, and we’ll take it at the end. With that, let’s go to the next slide, Suril.

21
00:04:01.540 –> 00:04:08.380
Anand Akela: So, why don’t you kind of walk us through the agenda, and then pass it on to, Chris.

22
00:04:08.940 –> 00:04:21.369
Suril Desai: Sure. So we’ll be talking, you know, this is a particularly important time in cyber, as we all know as practitioners. The threat landscape has dramatically shifted with advances in AI.

23
00:04:21.370 –> 00:04:28.240
Suril Desai: So we’ll start with what has changed in the threat landscape over the last few months, and we’ll also discuss

24
00:04:28.240 –> 00:04:42.270
Suril Desai: what is coming at us as defenders in this AI-orchestrated attack world. We’ll talk about the implications on cybersecurity as the advances in foundation models continue.

25
00:04:42.620 –> 00:05:02.009
Suril Desai: And, the, you know, the expansion of agents in enterprises. Then we’ll cover GigaOm’s analysis of the deception landscape, because deception is one of the core mechanisms to be able to combat these threats. So GigaOm has done extensive research. Chris will discuss that in detail.

26
00:05:02.260 –> 00:05:16.939
Suril Desai: Then we’ll have a demonstration of an actual agentic attack, and we’ll see how deception can actually disrupt such an attack, and provide a runtime guardrail for an agentic exploit.

27
00:05:16.940 –> 00:05:23.650
Suril Desai: And then we’ll talk about a few key considerations around operationalizing deception. So that’s the overview of the agenda.

28
00:05:24.080 –> 00:05:26.710
Suril Desai: We’ll… we can start next, Chris.

29
00:05:27.890 –> 00:05:43.619
Chris Ray: Sure. So, the anthropic… anthropic breach. Let’s talk about this. GTG1002. You know, it’s, being read is like a watershed moment, right? But I think the important detail is buried in this diagram here.

30
00:05:43.650 –> 00:05:46.700
Chris Ray: There’s still a human in every phase.

31
00:05:46.720 –> 00:06:05.230
Chris Ray: We are nowhere close to the autonomous APT threat that we’re all worried about, but it is coming, and fortunately, this kind of gives us a marker to throw down and say, okay, we’ve seen the direction that the attacks are trending. We can understand where this is going to end up.

32
00:06:05.230 –> 00:06:10.639
Chris Ray: We have time to prepare for it, but pretending otherwise, that distorts your defensive investment.

33
00:06:12.850 –> 00:06:30.920
Suril Desai: Right, I mean, you know, and the… this was sort of the start of a long series of exploits over the last 6 months, and where, effectively, Anthropic is flagging. The main thing different here was the ability to take each of these sub-phases. So, for example, the

34
00:06:30.920 –> 00:06:47.009
Suril Desai: the human attacker starts the exploit sequence, as Chris pointed out, and then there are sub-phases, and the subphase is, let’s say, for example, through reconnaissance against an enterprise network, and that phase, which involves a set of tasks.

35
00:06:47.180 –> 00:07:09.509
Suril Desai: can now be automated, right? And because that way, the agent has the ability to call a bunch of tools, and those tools can do individual reconnaissance, and then the agent can piece together the findings from the individual steps, and then orchestrate the next step accordingly. So, this was just the start of a, you know, inflection point.

36
00:07:09.710 –> 00:07:16.389
Suril Desai: Let’s go into the next slide to discuss what have Defenders been discussing, Chris?

37
00:07:17.180 –> 00:07:30.620
Chris Ray: Sure. So, we have the Atkins and Evron report here. They’re right about the asymmetry, but I feel like they’re wrong about the timeline. The 6 months framing is kind of rhetorical.

38
00:07:30.710 –> 00:07:37.969
Chris Ray: The real question is whether defenders use the panic, productivity, or do they waste it on production theater?

39
00:07:38.140 –> 00:07:44.639
Chris Ray: You know, vulnerability discovery scaling does not equal exploitation scaling.

40
00:07:44.750 –> 00:07:58.479
Chris Ray: We find big, big bugs in toolchains. It’s not the same as adversaries weaponizing them at scale. There’s still triage, there’s reliability engineering, there’s delivery. Those steps don’t compress as fast as discovery does.

41
00:07:58.480 –> 00:08:14.159
Chris Ray: Then we have the patch velocity gap. They highlight, which is correct, and it is a fundamental concern, this mean time to patch in most enterprises is still measured in months. There’s no AI tooling shrinking that. Patching is a change management problem, not so much a discovery problem.

42
00:08:15.200 –> 00:08:26.580
Chris Ray: I invite you to kind of dive into that research there a little bit, and then run this thought experiment on your own. If a credible zero day in your most critical internet-facing service dropped tomorrow.

43
00:08:27.030 –> 00:08:38.919
Chris Ray: What’s your honest patch time? What controls do you have in place to detect that? Are you able to get the telemetry, the signaling? Are you able to take action on that in the next 72 hours? If you can’t.

44
00:08:39.140 –> 00:08:57.250
Chris Ray: then that’s showing you a gap that you have today, which… there’s multiple ways, you know, defense in depth, I’m sure, but we’re here to talk about the focus on the advantages of deception, and what that can gain as far as early detection, these telemetry signals that you may not have otherwise.

45
00:08:59.510 –> 00:09:00.120
Suril Desai: Great.

46
00:09:00.320 –> 00:09:03.360
Suril Desai: And so… Go ahead.

47
00:09:05.770 –> 00:09:07.670
Chris Ray: Oh, yeah. So, you know.

48
00:09:08.510 –> 00:09:25.999
Chris Ray: when I seen this, I said, 8 minutes is a great headline, but every step in that kill chain was preventable with controls that have been CIS benchmarks since 2018. This is a hygiene story dressed up as an AI story, and we have to be careful of that. Like a lot of previous tooling.

49
00:09:26.340 –> 00:09:36.900
Chris Ray: Think of Conficker. If you’re not familiar with it, go Google it, takes 10 seconds to figure out what we’re talking about. Conficker was, novel, and then it was industrialized.

50
00:09:37.000 –> 00:09:50.750
Chris Ray: The same way LLMs were a novel 3 or 4 years ago, attackers are now industrializing them, for lack of a better way to describe it. They’re accelerating their methodologies using the tooling that’s available to them.

51
00:09:50.930 –> 00:09:59.459
Chris Ray: So, you know, when I see, like, step one, AWS creds are in a public bucket, that’s not necessarily an AI failure, that’s a posture management failure, right?

52
00:09:59.830 –> 00:10:10.200
Chris Ray: Steps 2 through 6, we see, kind of a typical attacker playbook, IAM enumeration, lambda code injection, privilege escalation, some persistence.

53
00:10:10.360 –> 00:10:18.259
Chris Ray: These are all detectable in CloudTrail with, you know, reasonable rules. The reason they weren’t caught, though, is these…

54
00:10:18.310 –> 00:10:30.519
Chris Ray: these shifts have happened so much faster because of the AI enhancement to the attacker techniques and tactics. It’s most orgs can’t actually keep up with that change.

55
00:10:32.230 –> 00:10:47.609
Suril Desai: Thanks, Chris. I think that’s the essential point there, which is, you know, and when… later in the discussion today, I have a demo for this particular attack, and then talk about, actually, that talks about, you know, the step two, for example. As Chris pointed out, step one.

56
00:10:47.610 –> 00:10:54.299
Suril Desai: Can occur pretty much, and should have been prevented through, you know, prevention controls and security posture.

57
00:10:54.380 –> 00:11:11.660
Suril Desai: And the rest of the kill chain is not new, exactly as Chris said. I mean, I think the main difference is the fact that if you’re going into an AWS environment, and you’re trying to go and, as an attacker, enumerate a set of IAM identities, and then find the one that’s administrative.

58
00:11:11.790 –> 00:11:17.020
Suril Desai: Typically, for a human, it would have required a whole bunch of checks, so it would take time.

59
00:11:17.320 –> 00:11:26.869
Suril Desai: In the case of the agent, it is, you know, inherently parallelizable, because the nature of the task, to say, I have a list of 5,000 accounts.

60
00:11:26.870 –> 00:11:51.759
Suril Desai: I need to find, you know, the 10 accounts that are administrative. The nature of the task inherently lands itself to parallel processing, so the agent can say… and it has compute at his disposal, so it could say, okay, let me partition this problem space into many different parallel subtasks, and then get the answer, which effectively shrinks the time it takes to get this step done, and that’s mainly the shift as far as the

61
00:11:52.180 –> 00:11:54.440
Suril Desai: Offense landscape is concerned.

62
00:11:54.440 –> 00:12:11.500
Chris Ray: Yeah, and I just, like, you know, I have this thought banging around in my head. I’m always trying to give, like, some practical insight here. You know, if you were to take this scenario back to your team and ask them one good question, it should be something like, if this exact scenario ran in AWS tonight, what would we catch and how fast would we catch it?

63
00:12:11.810 –> 00:12:19.100
Chris Ray: The honest answer is probably in step 6. You know, it’s not that you have an AI problem, it’s that you have a detection problem. The fix is…

64
00:12:19.320 –> 00:12:27.940
Chris Ray: You know, I’m sure you guys can talk for hours about this. Decoy IAM rules, honey credentials in buckets, and just CloudTrail monitoring that is actually effective.

65
00:12:29.640 –> 00:12:30.730
Suril Desai: Exactly.

66
00:12:34.690 –> 00:12:37.020
Chris Ray: So, Cloud Mythos.

67
00:12:37.330 –> 00:12:54.430
Chris Ray: I’m gonna go ahead and be the skeptic in the room. You know, a benchmark, a .83 on CyberGym, that’s really interesting. That stands out to me. I love being so deep into technology and AI right now. I’m thankful to be alive at this point in the technology bell curve.

68
00:12:56.630 –> 00:13:12.500
Chris Ray: but found thousands of vulnerabilities, it’s meaningless metric without an exploitability data, without that asymmetric advantage claim, which, you know, I’ll caution, can be overstated. We know vulnerability counts are the worst possible measure of offensive capability.

69
00:13:12.580 –> 00:13:15.720
Chris Ray: You know, most found bugs are unexploitable.

70
00:13:15.800 –> 00:13:30.289
Chris Ray: It’s duplicative, they’re low impact. The historical ratio from manual fuzzing programs is roughly, like, you know, whatever, arbitrary number, 100 to 1, it’s somewhere around there, as far as found to actually weaponizable vulnerabilities.

71
00:13:30.350 –> 00:13:45.549
Chris Ray: I would say, you know, don’t budget against a model that hasn’t been released yet. Budget against the structural reliability that’s been true since before any of this. You will have on-patch critical vulnerabilities, you will have data that you’re not sure it even exists, you will have IAM…

72
00:13:45.600 –> 00:13:56.689
Chris Ray: permissions issues and governance problems. You need to identify how you can fill those detection gaps more easily, not trying to,

73
00:13:57.270 –> 00:14:02.390
Chris Ray: Identify a better hammer for that specific job, if that analogy makes sense.

74
00:14:04.110 –> 00:14:22.949
Suril Desai: Absolutely, I mean, and I think, you know, if you separate the hype from the actual… so the science, so what has actually changed in this model, and then compared to that, the previous model, and so what’s the journey, and what is really different from a actual, let’s say, AI science or computer science point of view?

75
00:14:23.100 –> 00:14:41.720
Suril Desai: So the main thing here is basically not that, you know, it’s doing anything magical, it is basically the ability to continuous improvements in reasoning capabilities that these models are having, right? And where it’s… so, for example, this exploit about remote code execution in OpenBSD,

76
00:14:41.720 –> 00:14:50.570
Suril Desai: So, as we know, as practitioners, OpenBSD is sort of one of the most… more hardened OS versions. Most flavors of BSD are actually fairly hardened.

77
00:14:50.720 –> 00:15:09.940
Suril Desai: BSD actually powers, at some point, you know, the origins of the macOS kernel, so it’s a pretty fairly well-designed and hardened OS. So now, the thing is, when you find remote code execution through source code analysis, that requires a whole bunch of reasoning through pure

78
00:15:09.950 –> 00:15:21.100
Suril Desai: code loops, right? To be able to say… the model needs to be able to assess purely based on analysis of the source code to say, this is an exploitable RCE.

79
00:15:21.310 –> 00:15:39.800
Suril Desai: And that requires a whole bunch of context, and an ability to store that context, and then to reason through that context. As that improves, effectively the whole shift, if at all, is that basically the vulnerability exploits that were there always

80
00:15:39.860 –> 00:15:51.800
Suril Desai: are going to shift in the sense that now zero days, which are either too unknown, can be found by the models through this reasoning, and they can then use that to go and exploit the

81
00:15:52.010 –> 00:16:01.449
Suril Desai: apps. And so, to that extent, the aperture of possible exploits will go up, because these models are gaining that type of reasoning sophistication.

82
00:16:01.500 –> 00:16:17.950
Suril Desai: And as Chris pointed out, I think that from a defender’s point of view, ultimately it’s about security hygiene and doing all the good practices. The main constraint is always the production impact of applying the patches, and what does it take to get the environments

83
00:16:17.950 –> 00:16:24.199
Suril Desai: stood up correctly and make sure that, you know, the enterprise does not have an outage. So that requires its own

84
00:16:24.200 –> 00:16:29.780
Suril Desai: change control window, and so if… if there are new zero days being found.

85
00:16:29.810 –> 00:16:33.389
Suril Desai: Then that creates a little bit of a risk as far as the defenders.

86
00:16:34.390 –> 00:16:54.250
Chris Ray: Yeah, and I… I don’t mean to downplay the impact that the… the evolution, not revolution, but evolution of the different models will have. I mean, every time they leap forward, that creates a gap between defenders and attackers, and that gap is, like you said, filled with zero days. It’s filled with novel techniques. So it’s… it’s…

87
00:16:54.400 –> 00:17:06.859
Chris Ray: it’s kind of underscoring the need to pivot away from heuristics and behaviors and rule-based understanding of what’s a security event and what is not. And, you know, when you start talking about that gap.

88
00:17:07.130 –> 00:17:21.829
Chris Ray: when the new models are released, that gap that gets created, you really need something that’s going to be robust, that can detect. It doesn’t matter what the tactic is, it doesn’t matter what the technique is. If the end result is a compromise of a credential, or the compromise of a service.

89
00:17:21.829 –> 00:17:27.389
Chris Ray: that’s really what you need to be detecting, and this is why I’ve been such a fan of detection technology, or deception technology.

90
00:17:27.390 –> 00:17:40.800
Chris Ray: going on, you know, I think 12 years ago, I was, you know, raised my hand in a team meeting and said, why don’t we do this? And, you know, it was shut down, but I never quite let go of that thread. It’s like, deception can solve a lot of these problems.

91
00:17:40.810 –> 00:17:43.759
Chris Ray: We just have to recognize where the best use case is.

92
00:17:49.410 –> 00:17:52.620
Chris Ray: So, when… when you see…

93
00:17:52.830 –> 00:18:02.360
Chris Ray: Bruce Chanier, John Easterly, Rob Joyce, they all come with the same recommendations for deception, I felt…

94
00:18:02.590 –> 00:18:21.689
Chris Ray: other than me just being a big proponent of deception to begin with, that’s a very strong signal to the market that, maybe the strongest that deception has ever received. It’s also, frankly, it’s overdue, like I said, probably by about a decade. You know, the endorsement framing, attack tool and vulnerability independent, that’s very important.

95
00:18:21.690 –> 00:18:25.769
Chris Ray: The timeframe that they laid out, the next 90 days to 6 months, that matters.

96
00:18:25.770 –> 00:18:37.949
Chris Ray: These are not people who are prone to alarmism. They’re explicitly telling leadership that this isn’t a next-year problem, that’s a this year problem, you need to get ahead of it and address it. You know, pre-authorized containment actions, machine speed playbooks.

97
00:18:37.980 –> 00:18:40.889
Chris Ray: These are… these are called out as a recommendation.

98
00:18:41.000 –> 00:18:55.350
Chris Ray: But they’re an area that a lot of enterprises struggle with. We know that, I know that from working in them. Deception generates high fidelity alerts, but if you’re sore or can’t act on them automatically, that speed advantage will evaporate.

99
00:18:56.970 –> 00:19:10.779
Suril Desai: Exactly. You know, I think, as Chris pointed out, fundamentally, the reason the experts are calling for this now, and, you know, let’s say 3 years ago, it was not… it was always on the anvil, but now it is a here and now situation.

100
00:19:10.800 –> 00:19:26.300
Suril Desai: is fundamentally the ability to find the zero day. I mean, effectively, the reasoning advances, where effectively the model… because now it’s a machine, zero days work could have been found earlier as well, and were found by attackers, but the number of

101
00:19:26.300 –> 00:19:45.470
Suril Desai: humans who can go and find a zero day, the skills required for that are finite in the world, right? There may be a few, really expert attackers who can do the source code analysis and find a zero-day, but as the models gain the reasoning capability, and they are trained on the corpus of the entire

102
00:19:45.470 –> 00:19:53.600
Suril Desai: all publicly available open source. So, as a result, they have the entire universe of source code available in their training data.

103
00:19:53.600 –> 00:20:02.070
Suril Desai: And then they have the ability to autonomously reason through that code and then figure out, you know, new vulnerability exploits.

104
00:20:02.070 –> 00:20:14.969
Suril Desai: then more than the actual magnitude of the exploits, the more risk for a defender is the fact that there are unknown exploits that are going to be able to be found. And even if a few of them are unknown.

105
00:20:15.050 –> 00:20:31.030
Suril Desai: Then the question is, what are the security controls that have an ability to find an unknown exploit? That is, by definition, you know, a lot of the traditional forms of detection, where you’re writing a rule, for example, to find an attack.

106
00:20:31.310 –> 00:20:40.259
Suril Desai: when you’re writing a rule, you have to have a known pattern to write a rule for. So, almost by definition, you can only write a rule for something that you already know a priori.

107
00:20:40.320 –> 00:20:51.210
Suril Desai: And as the models gain the ability to find things for which there is no known pattern, then the question is, what control can help the defender from that perspective?

108
00:20:51.210 –> 00:21:07.439
Suril Desai: That’s why they call out the fact that deception is attack tool and vulnerability independent, which is sort of the core thesis there to say that it’s not dependent on a known rule or a known attack signature. And so if that’s what the model is able to achieve.

109
00:21:07.440 –> 00:21:17.449
Suril Desai: Then the defender needs to place controls in place that can mitigate that type of an exploit, and that’s what the reasoning for their thesis.

110
00:21:18.640 –> 00:21:19.420
Suril Desai: Great.

111
00:21:19.420 –> 00:21:20.330
Chris Ray: Completely agree.

112
00:21:21.930 –> 00:21:38.279
Chris Ray: So the, I appreciate you guys pointing this out to me. I missed this research until we spoke a few weeks ago. The Ben-Gurion paper is the most important deception research in 5 years, because it does something that I think the field has generally avoided.

113
00:21:38.280 –> 00:21:43.060
Chris Ray: It weaponizes the model’s own architectural weaknesses against the attacker.

114
00:21:43.060 –> 00:21:47.150
Chris Ray: And that’s a fundamentally new defensive primitive. You know,

115
00:21:47.470 –> 00:21:55.300
Chris Ray: Classical deception assumes a rational adversary doing, like, a cost-benefit analysis. LLMs aren’t rational, they’re statistical.

116
00:21:55.440 –> 00:22:08.390
Chris Ray: They have specific exploitable failure modes, context window limits, hallucination triggers, token biases. Designing decoys that target those failure modes is cutting edge, genuinely new science.

117
00:22:08.420 –> 00:22:16.469
Chris Ray: We know that there’s a 100% success rate against 11 CTF machines. That’s a small sample, and CTF environments are… they’re not production.

118
00:22:16.510 –> 00:22:21.840
Chris Ray: But the technique class, Unicode Honey Tokens, Landmine Tokens that force hallucination.

119
00:22:22.140 –> 00:22:27.730
Chris Ray: This is becoming exploits of reality, not something that we’re just theorizing about.

120
00:22:28.150 –> 00:22:47.059
Chris Ray: So, you know, I would watch research like this, I would read this paper if you really want to understand where deception’s going to have its impacts on AI and LLM. It’s where deception stops being a 1990s concept, retrofitted to a modern threat, and starts being LLM native. I’ll go ahead and I’ll use that term.

121
00:22:47.240 –> 00:23:01.239
Chris Ray: The practical implication here for you guys, the buyers, when you evaluate a deception platform in the next 18 months, ask the vendor specifically what their roadmap is for LLM-targeted decoys. If they don’t have an answer, that’s very telling.

122
00:23:07.200 –> 00:23:09.000
Chris Ray: Mirage. So…

123
00:23:09.470 –> 00:23:24.249
Chris Ray: the framing of this, that defense should target attackers’ planning algorithms, not just their actions, not the TTPs. This is a very important conceptual shift in defensive thinking, since, you know, the kill chain came about.

124
00:23:24.450 –> 00:23:41.639
Chris Ray: And it’s not getting enough attention, unfortunately. I’m glad you guys are bringing it up here. You know, every defensive framework we use, the Lockheed Martin kill chain, attack, the Diamond model, it describes attacker behavior as observed, which is good. Mirage describes attacker cognition as exploitable.

125
00:23:41.940 –> 00:23:48.300
Chris Ray: That’s a different layer of abstraction, and it opens up entirely new control categories that we’ve never considered before.

126
00:23:48.370 –> 00:24:00.080
Chris Ray: So, if we expand state space, introducing wrong belief states, creating unproductive paths, these map directly to known weaknesses in automated planners, right?

127
00:24:00.080 –> 00:24:08.790
Chris Ray: But unlike a human attacker, automated planners can’t easily smell that they’re in a trap. They don’t have that intuition, they don’t have that gut feel.

128
00:24:08.850 –> 00:24:10.860
Chris Ray: They’re committed to the search.

129
00:24:11.380 –> 00:24:28.930
Chris Ray: This is also why deception scales well against agents in ways it doesn’t always scale against skilled humans. You know, a pen tester recognizes a too-good-to-be-true scenario, whereas an agent or a planner driven by a reward function, it’s going to chase that. So in some ways.

130
00:24:29.040 –> 00:24:35.650
Chris Ray: Taking this idea and, you know, using a bigger carrot on the end of the stick, it’s the right approach.

131
00:24:37.550 –> 00:24:39.389
Suril Desai: Thanks, Chris. Very good points.

132
00:24:40.800 –> 00:24:41.500
Suril Desai: Cold.

133
00:24:43.750 –> 00:24:45.750
Chris Ray: You wanted to start talking about the radar?

134
00:24:46.390 –> 00:24:59.850
Suril Desai: Sure, yeah. So, I think, you know, the GigaOm has done extensive research, as, you know, Anand pointed out earlier in the… in the webinar. I mean, I think this is, I guess, the first, fifth edition of the Deception Technology Radar, so,

135
00:25:00.100 –> 00:25:11.519
Suril Desai: you know, much appreciated for the extensive research in this space. Maybe, Chris, you can give a little bit of color into the radar itself, and then we’ll start with some of the key features on this.

136
00:25:12.370 –> 00:25:21.010
Chris Ray: So, the best way to think of the radar, if you haven’t seen the radar report before, is it’s a buyer’s guide for a specific technology segment. In this case, we’re talking about deception technologies.

137
00:25:21.260 –> 00:25:34.530
Chris Ray: The radar is a graphic. It charts out 360 degrees, top to bottom, left to right, closer to center is better. But it’s not, you know, throw away that paradigm you have in your head of up and to the right is the best solution. That’s…

138
00:25:34.730 –> 00:25:50.600
Chris Ray: That’s a failed premise that we want to avoid. There can be great solutions down and to the left, down and to the right, up and to the left, up and to the right. It all depends on what problems you’re trying to solve, and how does the technology that we’ve surveyed align to your

139
00:25:50.600 –> 00:26:05.710
Chris Ray: your current needs, but also your 12, 18, 24-month needs, and we evaluate those through a variety of capabilities. We have table stakes, which is how we define the space, logically. We say either you are or you are not this technology, and you must meet table stakes.

140
00:26:05.820 –> 00:26:24.660
Chris Ray: Then once we have that group of technologies to evaluate, we need to differentiate them in some meaningful way, and that’s where key features, which is what you have pulled up here, come in. Key features, emerging features, and business criteria, which we’ll talk about in a little bit, we score them all on a 0 to 5 scale. We try to be as,

141
00:26:24.960 –> 00:26:44.170
Chris Ray: as statistical-based as possible when evaluating these. We determine there’s probably going to be a bell curve for all of these features, and that’s a 3, you know, right in the middle of that bell curve, and then there’s vendors that don’t really execute on them, they’re, like, ones and twos, but then there’s vendors that are demonstrably better than their peers, everybody else in the space, and they’re going to earn 4s and maybe some fives.

142
00:26:44.230 –> 00:26:57.009
Chris Ray: You know, we’ve pulled out a few of the key features here, talking about identity and credential deception, the cloud SaaS and pipeline deception, attacker behavior analysis, the automated response orchestration.

143
00:26:57.010 –> 00:27:16.730
Chris Ray: how are you managing the deception deployment? So, deception management, and then cross-domain and multi-layer deception. Where are you able to deploy with this solution in your tech stack? Is it limited to just cloud? Is it limited to just endpoints, just identity, or can you do a little bit of everything? And that’s why we measure those, because that’s an important differentiator.

144
00:27:17.870 –> 00:27:20.100
Chris Ray: We can move on to the next one if you’re ready, Suril.

145
00:27:20.180 –> 00:27:33.739
Chris Ray: Then, like I mentioned, business criteria. These are non-functional. These are not capabilities, but these are really important to making a buying decision. So, cost transparency. How easy is it to budget for this solution?

146
00:27:33.740 –> 00:27:53.409
Chris Ray: You know, can you easily get this data? Does it change? Is it complex to calculate? The scalability of the solution, so not just how many of X can you deploy, but how well do you manage them? How far into your environment do they go? Getting back to that tech stack that we talked about, is it isolated and scoped really narrow, or can you scale it to a lot of different use cases?

147
00:27:53.410 –> 00:28:18.339
Chris Ray: flexibility, talking about your ability to just walk in, intuitively understand what I’m doing as an operator of this platform. That’s a very important metric. You don’t need 6 months of training. You should be able to walk into most technologies and figure them out. Maybe by the end of the day, you’re comfortable. By the end of the week, you’re the person, the guy or the gal that they’re coming to internally and saying, hey, how do I do this? It shouldn’t take you months to get to that point.

148
00:28:18.950 –> 00:28:25.169
Chris Ray: Talking about interoperability, you know, we call out SEAMSOR, XDR, IAM integrations.

149
00:28:25.420 –> 00:28:37.959
Chris Ray: having a deception technology platform or solution that connects natively with the technology you already have is a very important understanding that you have to have up front. If you are an octoshop and

150
00:28:37.960 –> 00:28:42.259
Chris Ray: you are evaluating a deception solution that just simply doesn’t know what to do with Okta.

151
00:28:42.260 –> 00:29:02.690
Chris Ray: That’s a problem. You need to probably remove them from your shortlist. And so we go through and we evaluate the vendors on their interoperability. And then operational efficiency, we’re just trying to measure, we’re trying to quantify, how does this improve your security operations? In what ways? How can they do it? Can we quantify it? And then we document that, and, you know, we give you a score.

152
00:29:05.700 –> 00:29:19.950
Chris Ray: So, as you… as you remember, I said the radar graphic, which is what you see here, 360 degrees, top to bottom, left to right. The left or right axis, what we’re really looking at there is the quantity of use cases the solution solves for.

153
00:29:20.160 –> 00:29:36.359
Chris Ray: If it’s very narrow in scope, it’s going to be more to the left. We’ve got a few vendors on the left side of the radar. If it’s broader in application, though, like I said, identity, endpoint, cloud, infrastructure services, then you’re going to solve more use cases, you’re going to shift to the right.

154
00:29:36.600 –> 00:29:54.760
Chris Ray: specifically looking top to bottom, we’re talking about maturity versus innovation. Don’t read into this too much. It’s not saying, you know, vendors on the bottom are immature, bug-prone solutions, and it’s not saying the ones on the top are the opposite of that. All we’re trying to say here is when you purchase the solution on day one.

155
00:29:55.000 –> 00:30:09.300
Chris Ray: Compared it to day 365, day 650, day 1000, how much change can you expect as an operator of the solution? Are they bringing new features in so quickly that at the end of your first year, you don’t recognize the solution?

156
00:30:09.320 –> 00:30:22.540
Chris Ray: That can be good for the right buyer, but it can also be bad for the wrong buyer. So we call that out, and that’s one of the ways that we try to represent that to you here. You see how Acalvio, landed in the leader ring, slightly below the

157
00:30:22.540 –> 00:30:30.250
Chris Ray: The… the maturity innovation line, so we’ve kind of quantified that they’re blending both of those qualities together.

158
00:30:30.330 –> 00:30:48.640
Chris Ray: And then, becoming an outperformer, what we’re really doing is we’re putting our finger on the pulse of the market, saying, how quickly are the vendors in this market developing new features, enhancing existing features, and to a very smaller extent, squashing bugs that are released in features.

159
00:30:48.660 –> 00:31:06.779
Chris Ray: We quantify that, we measure it, we find the baseline, and then anybody who’s accelerating away from the pack, who’s developing at a faster rate, we identify them as an outperformer. And as you can see here, at Acalvio, we’ve deemed them an outperformer for obvious reasons. You guys have brought many new features to market in the last 12 months.

160
00:31:12.000 –> 00:31:21.239
Chris Ray: So, diving a little bit into, ShadowPlex, do you want to take over on this, or do you want me to lend my perspective?

161
00:31:21.620 –> 00:31:24.170
Suril Desai: Go ahead, Chris, and then I’ll add something at the end here.

162
00:31:24.170 –> 00:31:42.480
Chris Ray: Yes, so when we’re talking about ShadowPlex, it’s important to understand, getting back to that placement on the radar platform. That means it’s broadly applicable, it solves numerous use cases, you aren’t going, from one siloed information to another silo of information, because you have, so many

163
00:31:42.480 –> 00:31:52.999
Chris Ray: different capabilities. We’ve recognized it for its deep integrations into existing SEAM, SOAR, EDR, and identity ecosystems. You know, we called out a few there, but that’s not the extensive list.

164
00:31:53.070 –> 00:32:02.079
Chris Ray: That enables a better score on your… your inter… interoperability, your better score on your integrations, ease of use.

165
00:32:02.170 –> 00:32:20.800
Chris Ray: Because of that, that contributed to some of its position as a leader this year. But moreover and beyond that, you know, the majority of the reason for ShadowPlex’s positioning as a leader this year is because of its strong performance in the key features, which makes up about 80% of the score placement.

166
00:32:20.800 –> 00:32:31.429
Chris Ray: Those key features, again, are the differentiating capabilities between vendors. So when you see a vendor that’s a leader, that tells you that they’re ahead on that bell curve. They’re doing better than their peers.

167
00:32:31.430 –> 00:32:41.799
Chris Ray: Then you see one that’s an innovative leader, that means that they’re also bringing new and enhanced features to the market. And of course, that’s how we’ve come up with ShadowPlex and our radar this year.

168
00:32:43.210 –> 00:32:52.779
Suril Desai: Thanks, Chris. And, you know, so the goal for us as a platform is to continue to, you know, bring value to our customers. Ultimately, the whole idea is to be able to

169
00:32:52.890 –> 00:33:08.750
Suril Desai: you know, combat the attackers, and attackers can target pretty much any part of the enterprise network, so they can get in, as we know, as defenders, they can get in into the on-prem IT network, they could get in into operational technology, or they could get in into a cloud environment.

170
00:33:08.770 –> 00:33:14.219
Suril Desai: And once they get in, then one of the core tenets of deception is to catch the attacker early.

171
00:33:14.290 –> 00:33:28.670
Suril Desai: And so, it’s very important as defenders that we should be able to have traps in the locations where the attacker is present, wherever they get initial access. That way, we can find the attacker and evict them before they can do any damage.

172
00:33:28.770 –> 00:33:45.640
Suril Desai: So, in order to achieve that goal, the platform needs to have a certain set of architectural tenets. For example, the ability to set deceptions across the enterprise estate, the ability to keep them dynamic so that they look relevant for the attacker.

173
00:33:45.830 –> 00:34:01.020
Suril Desai: making it easy to deploy, to Chris’s point, on, you know, avoiding a lot of administrative overhead on rolling out receptions. So, for example, we have… our platform is agentless, so it makes it easy to roll out without adding operational overhead of adding new agents.

174
00:34:01.040 –> 00:34:15.920
Suril Desai: And then weaving in the integration into the fabric, so that way it plays into the existing investments that the security organization has in place, and it actually forms overall cohesive security stack, rather than a…

175
00:34:15.920 –> 00:34:21.569
Suril Desai: disparate work. So that… those are some of the goals for the technology. That’s basically the idea.

176
00:34:25.600 –> 00:34:34.150
Chris Ray: You can see here, this is, you can think of it as selection criteria for a solution. As I mentioned, we score all the solutions on a scale of 0 to 5.

177
00:34:34.310 –> 00:34:51.749
Chris Ray: And you can see here, with cost transparency, scalability, working your way across the rest of the business metrics, Acalvio scored quite well, especially in scalability and ease of use, which I’ll always come back to. If it’s not simple enough for me to use, then it’s probably not a good solution.

178
00:34:51.929 –> 00:34:58.779
Chris Ray: I’m a die-hard, keep it as simple as you can, you know, and that’s why I include ease of use in most of my reports.

179
00:35:00.430 –> 00:35:01.500
Suril Desai: Great.

180
00:35:02.990 –> 00:35:05.560
Suril Desai: I think we can proceed.

181
00:35:05.920 –> 00:35:08.360
Suril Desai: So, yeah.

182
00:35:08.570 –> 00:35:10.660
Suril Desai: Quite address, I’ll just build this out here.

183
00:35:11.770 –> 00:35:18.780
Chris Ray: So, you know, when we get back to talking about, kind of zooming out from the conversation we’ve been having.

184
00:35:18.780 –> 00:35:33.769
Chris Ray: When we’re talking about what is the value of deception technology? How does it help me detect malicious behaviors or security events more quickly, that’s really where deception shines. Even 15 years ago, in a more simplistic form.

185
00:35:33.780 –> 00:35:52.489
Chris Ray: it was able to deliver earlier detection telemetry better than, at the time, you know, next-gen AV, next-gen firewalls, DLP gateways. They were much more of a detective control than they were a preventative control, and I’m not saying that deception can be preventative.

186
00:35:52.490 –> 00:36:03.080
Chris Ray: But when you start looking at the capabilities of deception today with high interaction decoys, which chew up time, which is becoming more and more important, as we talked about.

187
00:36:03.080 –> 00:36:22.989
Chris Ray: AI is speeding up the attacker lifecycle. Well, guess what? A high interaction token or high interaction decoy deployment, that can chew away at that efficiency. That can give the defenders that time. So you can see here, this is a neat summarization of the MITRE ATCK framework that you don’t see too often. It just kind of boils it down to the top-level categories.

188
00:36:23.420 –> 00:36:33.700
Chris Ray: up in, you know, reconnaissance is the first stage, and that’s very difficult to detect at that stage. It’s, you know, Google searching is a form of reconnaissance. There’s not much you can do about that.

189
00:36:33.750 –> 00:36:47.250
Chris Ray: But to be able to land in initial access, and then persistence and privilege escalation, and have telemetry at those stages, that’s way more valuable than having telemetry at command and control and exfiltration. Yeah, it’s good to know something’s leaving my environment.

190
00:36:47.250 –> 00:36:57.149
Chris Ray: But at that point, so many things have gone wrong ahead of that. At this point, you’re just getting ahead of the, the breach notification, or the email from the FBI letting you know, hey, we’ve found your data.

191
00:36:58.950 –> 00:37:05.250
Suril Desai: Thanks, Chris. I’ll show a quick demo of, agentic attack and what deception can do.

192
00:37:05.480 –> 00:37:09.259
Suril Desai: I’ll play it out, just let me know whether the audio is coming through.

193
00:37:09.880 –> 00:37:15.639
Suril Desai: This video shows This video shows an agentic… Is the audio coming through?

194
00:37:15.640 –> 00:37:16.560
Chris Ray: Yep, you’re good.

195
00:37:16.680 –> 00:37:24.189
Suril Desai: Okay, great. So I’ll let it play, and then I’ll give some commentary at the end. AI attack and security measures to defend against these attacks.

196
00:37:27.220 –> 00:37:30.009
Suril Desai: AI agents introduce a new attack surface.

197
00:37:30.430 –> 00:37:37.539
Suril Desai: Let’s look at a real-world LLM jacking attack, where an agent was manipulated to launch foundational cloud models.

198
00:37:37.720 –> 00:37:41.360
Suril Desai: The attack began with credentials stolen from a public storage bucket.

199
00:37:42.560 –> 00:37:56.740
Suril Desai: An attacker manipulated the AI agent on the virtual machine to perform a complex exploit. In just 8 minutes, the agent gained full admin privileges by enumerating service accounts, impersonating one of these identities and injecting code into a serverless function.

200
00:37:56.900 –> 00:38:06.740
Suril Desai: It then created a backdoor user for persistence, and just 58 minutes after starting, launched LLM models, completing the LLM jacking exploit.

201
00:38:10.800 –> 00:38:18.009
Suril Desai: To understand why the AI agent reached its goal much faster than a human attacker, let’s take a closer look at this step.

202
00:38:18.130 –> 00:38:25.920
Suril Desai: The agent started with an enumeration step to list the service accounts. In response, details of 5,000 service accounts were returned.

203
00:38:26.190 –> 00:38:32.279
Suril Desai: The agent is interested only in administrative service accounts, so it formulated criteria for filtering service accounts.

204
00:38:33.720 –> 00:38:37.949
Suril Desai: Then, it spawned sub-agents to filter the service accounts.

205
00:38:38.200 –> 00:38:45.030
Suril Desai: The agent partitioned the set of service accounts into smaller groups, assigning each sub-agent 1,000 service accounts to process.

206
00:38:45.190 –> 00:38:55.930
Suril Desai: All five sub-agents worked in parallel, applying the filter criteria and cycling through the set of accounts at machine speed. With this approach, the agent processed 5,000 service accounts in a few minutes.

207
00:38:58.640 –> 00:39:07.639
Suril Desai: and then started the impersonation of administrative service accounts. This automation and parallelism are unique characteristics of agentic AI attacks.

208
00:39:14.000 –> 00:39:17.559
Suril Desai: Traditional security controls were designed for the human attacker.

209
00:39:19.170 –> 00:39:24.900
Suril Desai: These controls work by baselining normal usage over time and flagging any activity that looks different.

210
00:39:25.100 –> 00:39:37.149
Suril Desai: This approach assumes the defense has hours, or even days, to counter a human attacker. When faced with an agentic AI attack, any signal raised by these security controls often comes after the agent has completed its mission.

211
00:39:40.000 –> 00:39:47.120
Suril Desai: Preemptive security is based on the principle of setting traps based on deception technology to defend against malicious use of AI agents.

212
00:39:48.640 –> 00:39:55.000
Suril Desai: Let’s see how Acalvio’s approach to deception, known as 360 deception, can counter a genetic AI attacks.

213
00:39:55.390 –> 00:40:10.860
Suril Desai: Acalvio Honey tokens are placed at strategic locations in the cloud environment. These honey tokens look like administrative user accounts and service accounts in cloud identity stores, and corresponding credentials deployed on virtual machine instances, storage buckets, and other cloud resources.

214
00:40:11.200 –> 00:40:16.610
Suril Desai: To understand this approach better, let’s take a closer look at the service account Honey Tokens.

215
00:40:16.890 –> 00:40:21.300
Suril Desai: These Honey tokens have… Names that represent service accounts.

216
00:40:21.610 –> 00:40:27.560
Suril Desai: Privileges associated with typical admin permissions, and other characteristics that attract an attacker’s attention.

217
00:40:28.910 –> 00:40:33.740
Suril Desai: Acalvio uses these traps to detect the AI agent very early in the exploit sequence.

218
00:40:36.740 –> 00:40:41.300
Suril Desai: Now, let’s see what happens from the point where the attacker manipulates the AI agent.

219
00:40:50.450 –> 00:40:58.650
Suril Desai: While sub-agent 1 is processing service accounts, it finds one that matches all the criteria. The subagent returns this service account to the agent.

220
00:40:58.930 –> 00:41:01.459
Suril Desai: But this service account is a Honey token.

221
00:41:01.670 –> 00:41:19.180
Suril Desai: When the agent attempts to impersonate the Honey token, a detection is generated by Acalvio. At the same time, the agent’s attempt to impersonate the Honey token is automatically denied. The detection details captured by Acalvio show the user account that was compromised by the attacker.

222
00:41:20.240 –> 00:41:29.539
Suril Desai: Automated response actions are initiated to isolate the compromised user account and the virtual machine with the agent. The attack is intercepted at the reconnaissance phase.

223
00:41:33.030 –> 00:41:39.269
Suril Desai: In summary, agentic AI attacks move at machine speed, much faster than human attackers.

224
00:41:40.220 –> 00:41:44.939
Suril Desai: Traditional security controls that were designed for the human adversary are unable to keep pace.

225
00:41:46.360 –> 00:41:52.650
Suril Desai: Preemptive security sets traps for the agent, isolating the attack early and safeguarding the organization’s assets.

226
00:41:55.870 –> 00:42:01.399
Suril Desai: Great, so… so that’s a quick summary. I think the main… main insight here is about the…

227
00:42:01.700 –> 00:42:12.540
Suril Desai: concurrency. The fact that the agent… if… when we look back at the exploit that we saw earlier in the webinar at step two, where it was time to go and enumerate admin identities.

228
00:42:12.560 –> 00:42:25.329
Suril Desai: the agent has the ability to fork sub-agents, and the number of sub-agents that it can spawn is based on available compute. So as long as it has sufficient compute and resources available.

229
00:42:25.440 –> 00:42:41.169
Suril Desai: The agent can spawn as many sub-agents as it needs, partition the problem space into smaller problems, decompose it into subtasks, and then execute these subtasks concurrently, because of the underneath infra that it has available to it.

230
00:42:41.410 –> 00:42:55.819
Suril Desai: That makes the threat landscape different from that point of view. It’s not necessarily a new offensive technique, but it is a way you crunch through this exploit and the data set and get the results faster.

231
00:42:55.820 –> 00:43:04.809
Suril Desai: Which then requires an approach that inherently can find this exploit at that speed, and that’s where deception really shines, because

232
00:43:05.070 –> 00:43:22.290
Suril Desai: the moment somebody touches it, we can raise an alert. It does not require a baseline to be formed, and then the signal to reach a certain threshold. It can give instantaneous results, and in the agentic exploits world, it has that benefit.

233
00:43:22.510 –> 00:43:28.940
Suril Desai: Great. I think that’s all we wanted to mainly discuss, Anand. We can open up for any questions.

234
00:43:32.440 –> 00:43:35.449
Anand Akela: Sure, so this time, you could,

235
00:43:35.800 –> 00:43:44.099
Anand Akela: Well, there are a few questions, but this is the time when you could ask some more questions as well as we take some of these questions that came in.

236
00:43:44.340 –> 00:43:47.780
Anand Akela: So, let’s start with,

237
00:43:48.530 –> 00:43:57.000
Anand Akela: Oh, wow. I am concerned about mythos, especially when weaponized by attacker. Can deception help?

238
00:43:57.860 –> 00:44:01.180
Anand Akela: what types of deceptions should I apply… deploy?

239
00:44:02.830 –> 00:44:03.809
Suril Desai: That’s where I can…

240
00:44:04.620 –> 00:44:17.180
Chris Ray: Yeah, so I can jump in there. You know, getting back to, like, we talked about, there’s Cloud 4.7 today, there’s the Gemini models, there’s ChatGPT, what is it, 5.5 now? 5.4? I forget.

241
00:44:17.500 –> 00:44:22.690
Chris Ray: And then we’re gonna leap forward to mythos. There’s that gap that’s created. That gap…

242
00:44:22.690 –> 00:44:39.110
Chris Ray: is difficult to fill unless you have something that gives you early telemetry. You’re asking the right question. You’re saying, I’m worried about Mythos because, you know, you didn’t verbalize it, but, you know, we’re talking about the same thing. There’s a gap in detection capabilities created by that giant leap forward.

243
00:44:39.330 –> 00:44:42.839
Chris Ray: This is why I’m such a big fan of deception, is because it’s… it’s…

244
00:44:43.030 –> 00:44:55.279
Chris Ray: On one hand, it’s generic enough to be broadly applicable, but at the same time, it produces high-fidelity telemetry, which is really what defenders need to be able to make good decisions and actions.

245
00:44:55.290 –> 00:45:05.219
Chris Ray: So then the next part of your question is, is what kind of deception should I be thinking about deploying? I’d say start number one with identity. Identity is still the forefront.

246
00:45:05.430 –> 00:45:20.130
Chris Ray: I think AI is only accelerating that, you know, AI has been the battleground for… or not AI, identity has been the battleground for the last 3 or 4 years. That’s still the case today, just more so. So starting with identity, and then kind of working backwards. What are your…

247
00:45:20.130 –> 00:45:26.190
Chris Ray: most critical cloud accounts. What are your most critical services in those cloud accounts? Maybe the most critical data?

248
00:45:26.190 –> 00:45:40.619
Chris Ray: And then selecting, and this is going to depend on the deception vendor that you choose, selecting a pairing of deception decoys that goes with that, naturally, looks right, that can blend in with the herd.

249
00:45:40.620 –> 00:45:50.850
Chris Ray: And then deploying them and monitoring them. You know, that’s getting back to how we evaluate them. Is it easy to use? Is it easy to monitor? Does it fit your environment? Does it integrate with your technology?

250
00:45:51.170 –> 00:46:03.659
Chris Ray: this is kind of… should be, building some questions in your head as you’re either already, you know, you own Deception, or you’re still shopping. Those are the… that’s the approach that I would take. Those are the questions I’d be asking.

251
00:46:05.500 –> 00:46:06.960
Suril Desai: Thanks, Chris.

252
00:46:08.210 –> 00:46:11.499
Anand Akela: Sounds good. Let’s take another one.

253
00:46:11.820 –> 00:46:18.239
Anand Akela: What are the types of response actions that can be applied to agentic AI attacks?

254
00:46:19.900 –> 00:46:37.690
Chris Ray: This is, I’d like to hear your input on this, Suril, but, you know, mine is… it’s going to depend on the organization, and I hate to give a wishy-washy answer, but it really will. Just like the same… same side, we’re… we’re not completely comfortable with automating everything that we do in development pipelines. We still want human in the loop at some point.

255
00:46:37.690 –> 00:46:45.329
Chris Ray: we… we maybe look to Cursor and Cloud Code, and we say, okay, they’re helping us build these new features and new modules.

256
00:46:45.610 –> 00:46:57.090
Chris Ray: but I have to give it very explicit instructions of what not to do or what to do, and then I have to carefully review the code to make sure it’s actually following through. The same thing exists on the Defender side.

257
00:46:57.150 –> 00:46:59.140
Chris Ray: As far as responses go.

258
00:46:59.190 –> 00:47:13.419
Chris Ray: there’s pros and cons to every single response. You know, you have to weigh those. Some responses are just drop-dead, yeah, okay, that makes sense. There’s no reason I’d want to put a human gate in there. Other responses come with risks that you’re going to want humans to evaluate.

259
00:47:13.420 –> 00:47:24.629
Chris Ray: You’ll find the capability of response will be variable, highly variable, I should say, across the different solutions, and so that is an area to pay extra careful attention to.

260
00:47:26.110 –> 00:47:41.179
Suril Desai: Absolutely, and you know, I’ll just add that, you know, if you look at the research from Ben-Gurion University, the cloak, daggers, and, you know, honey paper, that actually has some good data points for response actions for pageanting attacks.

261
00:47:41.180 –> 00:47:46.500
Suril Desai: Like, you know, for example, the cloak concept is the ability to effectively

262
00:47:46.560 –> 00:47:59.469
Suril Desai: cloak your real… shield your real assets. When an agent is trying to go after those assets, by actually misleading or misdirecting the agent away from the real asset towards the

263
00:47:59.470 –> 00:48:24.449
Suril Desai: deceptive target. And then, you know, similarly is the concept of dagger, so which actually shifts the landscape so where you can have a detection signal, and then one normal way of doing a response action is to actually gain time for the defender by slowing down or misleading or disrupting the attacker, right? Where, effectively, if it’s an agent, it has a certain objective function that is trying

264
00:48:24.450 –> 00:48:31.280
Suril Desai: to achieve. For example, it needs to go after a key asset, and it’s trying to propagate to, on its pathway to doing it.

265
00:48:31.370 –> 00:48:48.059
Suril Desai: We set the right set of traps, and those traps do the right set of things. For example, it satisfies the agent, saying, I have all the data for you, it sends valid responses back, then the agent believes that it has got what it needs, and it’s

266
00:48:48.220 –> 00:49:01.950
Suril Desai: It’s constraints are satisfied, and now it… your actual assets are protected, which are some additional forms of response that deception can provide, on top of the blocking and the isolation responses that we always have as defenders.

267
00:49:04.720 –> 00:49:05.500
Suril Desai: Pardon?

268
00:49:05.560 –> 00:49:07.450
Anand Akela: Sounds good, yeah.

269
00:49:08.750 –> 00:49:14.329
Anand Akela: Alright, so next question, we have a large…

270
00:49:15.050 –> 00:49:21.649
Anand Akela: enterprise environment, data centers, corporate offices, branch offices, DMZs.

271
00:49:22.000 –> 00:49:32.350
Anand Akela: you know, different acquisitions that we have done, where… is there any recommendation on where to start, deception?

272
00:49:33.010 –> 00:49:44.020
Chris Ray: So I’ll start with the easy one, identity. Because it touches so much, because it’s, you know, not only is it the number one target right now, and has been for years, but it’s also…

273
00:49:44.360 –> 00:49:59.410
Chris Ray: at this point in time, with the right deception vendor, it’s relatively easy to do. It scales very well. It provides high quality, high-fidelity signaling. You can, on a first pass, starting with just identity alone.

274
00:49:59.540 –> 00:50:01.699
Chris Ray: You can shore up a lot of your gaps.

275
00:50:04.230 –> 00:50:20.559
Suril Desai: Absolutely, and you know, what many of our customers are doing is that, effectively, because they need a way to organize the deception rollout strategy, and so typically, a couple of things are being used, you know, identity is definitely one of the core focus areas, because that’s, like, the

276
00:50:20.560 –> 00:50:36.949
Suril Desai: number one exploit for the attacker, as Chris pointed out. And then, you know, you can also organize it by looking at saying, where will the attacker enter from, and where will the attacker go toward? You know, so sort of two extreme ends of the puzzle to say, for my enterprise network.

277
00:50:37.010 –> 00:50:49.890
Suril Desai: The entry points that are at highest risk are the user environment, where attackers can get in by phishing, the DMZ environment, where the attacker can get in by internet exploits, so that’s sort of your points of entry.

278
00:50:49.890 –> 00:50:57.210
Suril Desai: And setting some traps at that point and starting as that in the evolution journey is a good consideration.

279
00:50:57.210 –> 00:51:08.439
Suril Desai: Then the second is, where will the attacker go toward? And the go toward is identity architecture, you know, your core assets in the data center, production databases, which have high-value data.

280
00:51:08.810 –> 00:51:21.350
Suril Desai: key assets, effectively, if you will. That’s where the second piece of the journey can go on. And as you cover those two extreme ends of the puzzle, now you have some way to get coverage

281
00:51:21.350 –> 00:51:30.350
Suril Desai: Early in your rollout journey, then you can come back towards the middle, which is the broader part of the enterprise network and expand your coverage footprint.

282
00:51:31.210 –> 00:51:32.210
Suril Desai: Where I’m…

283
00:51:32.720 –> 00:51:33.330
Anand Akela: Yeah.

284
00:51:33.620 –> 00:51:42.110
Anand Akela: All right, how do I measure the ROI and, or effectiveness of the deception rollout?

285
00:51:43.410 –> 00:51:43.960
Anand Akela: Yeah.

286
00:51:43.960 –> 00:51:44.400
Chris Ray: this…

287
00:51:44.400 –> 00:51:46.180
Anand Akela: against agentic attacks.

288
00:51:47.110 –> 00:51:56.379
Chris Ray: you know, quantifying… this is a good question, because quantifying your security investment is difficult, regardless of the technology we’re talking about. Some make it easier, some make it more difficult.

289
00:51:56.960 –> 00:52:03.290
Chris Ray: Deception can be one that’s more difficult, though, because what you’re trying to do is prove a negative. You’re trying to prove

290
00:52:03.550 –> 00:52:04.530
Chris Ray: that…

291
00:52:05.100 –> 00:52:21.850
Chris Ray: you, that nothing noteworthy happened, because nothing noteworthy happened. But how do you do that? There’s a variety of ways that I’ve seen in the survey of the market. Suril, I’d like to hear your thoughts on this, because this is a real challenge.

292
00:52:22.250 –> 00:52:42.019
Suril Desai: Absolutely. I mean, I think as Chris pointed out, in pretty much in anything in cybersecurity, there is the question of how do you measure the ROI. So what our customers are doing is that, you know, simulating an attacker, because fundamentally, the whole idea is that the real attacker, let’s say you’re going in and doing an evaluation of a control like deception.

293
00:52:42.020 –> 00:52:50.600
Suril Desai: As a practitioner or as a defender, you have limited time window to do the evaluation, and you might be doing it in a smaller part of your enterprise network.

294
00:52:50.840 –> 00:53:09.330
Suril Desai: it may not be the case that there is a real attacker in that part of the enterprise network within your small evaluation window of time, and you still want to know, is this control effective or not? So, one way that our customers are using is effectively red teaming, where they actually go and do, like, offensive simulation.

295
00:53:09.330 –> 00:53:18.499
Suril Desai: And then you can… so you give it a mission statement, and say, can the control catch it in that type of a simulated environment?

296
00:53:18.660 –> 00:53:29.829
Suril Desai: In the agentic world, actually, that becomes a little bit easier, because there are frameworks, for example, cybersecurity AI agent, CAI is like an open source.

297
00:53:29.940 –> 00:53:46.369
Suril Desai: pen testing framework, which can be used to simulate an offensive series of activity available as an agent. So that makes it easier for the defender to download open source frameworks. It does not require… sometimes red teaming earlier would require skills, you know, you need to bring a red teamer from the outside.

298
00:53:46.370 –> 00:53:46.820
Chris Ray: Oh, yeah.

299
00:53:46.820 –> 00:53:59.820
Suril Desai: I think those things can be difficult, but now there is more codification through using those agents, and that can be a good mechanism to be able to quickly validate the efficacy of a control of this nature and get results.

300
00:54:01.450 –> 00:54:25.359
Anand Akela: Yeah, I think that the red teaming, I just kind of remember, Suril, when you started talking about it, you know, I host our customer advisory board, and one of the CISOs said that, hey, you guys look assigned on our annual red teaming days, yeah, because that’s where they can really kind of showcase the value. Let’s see, there are a couple of other questions. What trainings should I give

301
00:54:25.360 –> 00:54:29.610
Anand Akela: my SOC team to prepare for the rollout of Deception.

302
00:54:33.030 –> 00:54:41.620
Chris Ray: I don’t… I don’t know of anything, sort of, I’ll say, off the shelf, above and beyond the fundamentals, you know, understanding the MITRE ATC matrix.

303
00:54:41.740 –> 00:54:54.989
Chris Ray: understanding some sort of the, the tribal knowledge in the organization, playbooks, locations, expectations, escalation metrics, that sort of stuff. So, Rail, have you seen anything that you feel would be,

304
00:54:55.130 –> 00:54:56.000
Chris Ray: Applicable?

305
00:54:56.440 –> 00:55:13.339
Suril Desai: Absolutely. Completely what you already said is spot on, Chris, which is, from our platform point of view, one of the things we found from our customers from a SOC analyst is that typically, like, let’s say it’s a tiered SOC hierarchy, level 1, level 2, level 3 SOC, so especially level 1,

306
00:55:13.340 –> 00:55:16.729
Suril Desai: The SOC has so many controls that, you know, they’re consuming.

307
00:55:16.730 –> 00:55:32.170
Suril Desai: And it’s very hard for them to learn new controls and the, you know, details of each control. And so what we do in our platform is to map the alerts into a known taxonomy, like MITRE, like, you know, Chris pointed out. So you give a standardized

308
00:55:32.170 –> 00:55:38.650
Suril Desai: taxonomy, now the SOC can go and say, okay, I see this tactic showing up from this control.

309
00:55:38.710 –> 00:55:55.150
Suril Desai: pretty much doesn’t matter that’s a deception control, that’s sort of a byline. More important is that, you know, do I see collateral movement? Do I see credential access? So what type of a MITRE taxonomy am I dealing with? And then for that tactic, what’s my IR strategy?

310
00:55:55.150 –> 00:56:06.609
Suril Desai: And that can be then codified into a more standardized incident response playbook, so that way the Level 1 SOC analyst does not need to learn a lot of the details of this control.

311
00:56:08.000 –> 00:56:27.110
Anand Akela: Very good. All right, I think we have one last question. You still have another few minutes. If you have any other questions, please feel free to submit it. Otherwise, it’ll take the last question here. Should deception be integrated with my existing security controls, EDR, CSPM?

312
00:56:27.260 –> 00:56:31.820
Anand Akela: And, any best practice or consideration that you want to share?

313
00:56:32.860 –> 00:56:39.409
Chris Ray: Simply yes. I can expand on that quite a bit, though, but yeah, the easy…

314
00:56:39.540 –> 00:56:41.470
Chris Ray: The… very little thought.

315
00:56:41.630 –> 00:56:44.680
Chris Ray: should be yes. I’ve…

316
00:56:44.820 –> 00:57:00.279
Chris Ray: you know, I’ve worked hands-on building XDR solution at a startup. I’ve evaluated CNAP, CSPM, Cloud Workload Security, Zero Trust Network Access. There isn’t a single technology in the security domain that I’ve looked at.

317
00:57:00.440 –> 00:57:04.930
Chris Ray: And said, you know what? Deception wouldn’t make this better in some way.

318
00:57:05.190 –> 00:57:16.549
Chris Ray: Because it’s so broadly applicable. That’s really why, when you see a question like this, it’s like, where or should I even consider integrating it? It’s like, yes, absolutely, you should. Because each of these technologies

319
00:57:16.670 –> 00:57:23.720
Chris Ray: they operate within a scope, and they have boundaries in what they’re able to do and what they’re not able to do. Deception can help you

320
00:57:24.240 –> 00:57:30.030
Chris Ray: provide coverage on where those boundaries meet, overlapping coverage. And that’s really…

321
00:57:30.320 –> 00:57:42.590
Chris Ray: where I find a lot of value for deception in most organizations is that overlapping coverage or gap filling with the early detection telemetry, which is what we’ve been talking about now for 45 minutes.

322
00:57:44.910 –> 00:57:46.639
Suril Desai: Thanks, Chris, great. Anand?

323
00:57:47.220 –> 00:57:52.189
Anand Akela: There is no other question at this time, so let’s,

324
00:57:52.810 –> 00:58:07.370
Anand Akela: Let’s, you know, give a couple of minutes back, so we’ll, we’ll compile everything, send the recording, send actually the link to this, report that Chris and team has prepared as well, our report from, from GigaOm.

325
00:58:07.370 –> 00:58:23.030
Anand Akela: And with that, let’s conclude. Thanks, Chris and Suril for sharing your insights and preparing for the webinar. And participants, thank you again for joining us from a different part of the world. Appreciate it, and we’ll send you,

326
00:58:23.030 –> 00:58:27.039
Anand Akela: recording of the webinar as well. Thanks, everyone. Bye-bye now.

327
00:58:27.670 –> 00:58:28.430
Chris Ray: Thanks, guys.