Will the line of defense ever be breached?

Adoption of new deceptive and ruse elements in organizational defense

Introduction

In the last few years, we have witnessed sophisticated cyber-attacks carried out by criminal organizations and countries.

The attackers are more aggressive and less ethical, with cyber operational abilities and high-end technology.
2020 was a year of dramatically rapid global cyber-attacks.
During COVID-19, the bad guys carried out dozens of global cyber-attacks.
COVID-19 brought not just a conventional virus. It also created a massive opportunity for virtual viruses, malicious code and vulnerabilities that created chaos and were used by bad guys to attack large organizations worldwide.
Had COVID-19 not had such a global impact, I suppose we would have seen a large response from governments.

Will the line of defense ever be breached?

Will the defender always be in operational inferiority and the attacker in operational superiority?
Are cyber defenders doomed to lose the battle of attrition over modern digitization and the plethora of options in internet space?

It is important to note that there has been an enormous leap forward in the cyber defenders’ capabilities and the cyber industry over the years.

Risk management of the organization’s assets, advanced security architectures, honey traps, external controls, cyber intelligence, automated active testing tools, cyber insurance policies, active defense tools: all of these and more are now available to cyber defenders.

Cyber is an asymmetric war between the defenders and the attackers. Everybody knows that three teenagers with an Internet connection and basic knowledge can cause damage to digital life.
There is another asymmetry between the defender and the attacker: the defender must protect all “openings and entrances” from all possible defeats, while the bad guys need to find only a single loophole and take advantage of it.
This complexity is further intensified as organizations and IT networks manage and use hundreds of advanced digital services and applications.

Attack methods and tools are becoming more dangerous and pass through organizational defense systems.
Again and again, large companies with advanced defense technology that invest time and budget are attacked by cybercriminals, causing substantial financial losses and reputational damage to the organizations and their customers.
In my opinion, the main reason that bad guys succeed in tackling those companies is the defenders’ lack of operational knowledge. Unfortunately, most of the defenders do not have a “hackers and operational view.”

A ruse in organizational defense

Attempting to identify and detect cyber-attacks on organizations is not a new trend. Organizational “SOCs,” cyber intelligence, and honey traps are tools used by progressive defense organizations.
Today we have tools that perform automated tests and, in fact, serve as “a friendly range” for organizations to detect technological vulnerabilities.

Yet there is a lack of an operational concept for preventing, detecting and blocking the bad guys ahead of time, before they enter the organization.

A ruse in organizational cyber defense adds another layer of security that tries to deal with the attackers’ sophistication before they hack into the organization’s networks. It thus produces superiority in defense and brings about a process of prevention rather than containment of an attack.

Most cyber-attackers use the Internet and hide behind global servers.
Many attacks use POI {pre-operation intelligence} on the attack targets: the attackers locate the relevant vulnerabilities and weaknesses in the organization {assets, processes, and people} and then choose the attack method to drop the attack tools.

This method leaves traces of “digital scratches.”
If we could lead the attacker to points where we have “operational control,” we could detect them outside the organization and perform “preventive cyber defense.”
Closing the vulnerability, installing a blacklist, or creating signatures for the attacker’s tools are just some of the defenders’ opportunities.

Cyber defense decoy

A passive cyber defense that is not continually changing is fundamentally wrong. Cybersecurity that uses passive defense systems fails on the battlefield.

Using ruse and constant change may significantly reduce the attacker’s success in performing a cyber attack.
Protective defense using intentional “sparkle” routing outside the organization may improve the ability to detect attacks ahead of time and protect the organization.

The aim is to direct the bad guys to areas under our operational control by using accurate “glitter” assets {glitter = assets that are perceived as valuable in the opponent’s eyes}.
When the bad guys attack the “shimmering” decoy, the defender receives an early alert.
The early alert will help vaccinate the organizational defense systems and prepare them against the attacker {by early detection and prevention in advance}.
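The early-alert idea above, sketched as an added example (not part of the original article): any touch on a decoy host or decoy identity is treated as a signal, and the sources are collected so defenses can be prepared in advance. The decoy names, log format and addresses are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed decoy inventory (hypothetical names): "glitter" assets that no
# legitimate user has any reason to touch, so every hit is worth an alert.
DECOY_HOSTS = {"vpn-demo.example.net", "supplier-portal.example.net"}
DECOY_IDENTITIES = {"d.levi.finance", "svc-backup-demo"}

# Constructed log lines: "<timestamp> <src_ip> <host> <user or -> <action>"
SAMPLE_LOG = """\
2021-01-10T08:01:12Z 198.51.100.23 www.example.net - GET /
2021-01-10T08:03:40Z 203.0.113.7 vpn-demo.example.net - GET /login
2021-01-10T08:03:55Z 203.0.113.7 vpn-demo.example.net d.levi.finance LOGIN_FAIL
2021-01-10T09:15:02Z 192.0.2.44 mail.example.net svc-backup-demo LOGIN_FAIL
2021-01-10T09:20:31Z 198.51.100.23 www.example.net alice LOGIN_OK
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (.+)$")

def decoy_alerts(log_text):
    """Return one alert per log line that touches a decoy host or identity."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        ts, src, host, user, action = m.groups()
        reasons = []
        if host in DECOY_HOSTS:
            reasons.append("decoy_host")
        # A decoy identity tried against a real host means it was harvested.
        if user in DECOY_IDENTITIES:
            reasons.append("decoy_identity")
        if reasons:
            alerts.append({"time": ts, "src": src, "host": host,
                           "user": user, "action": action, "reasons": reasons})
    return alerts

def blocklist_candidates(alerts):
    """Group alert reasons by source address for early preventive action."""
    by_src = defaultdict(set)
    for alert in alerts:
        by_src[alert["src"]].update(alert["reasons"])
    return {src: sorted(reasons) for src, reasons in by_src.items()}
```
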

To prevent APT attacks, it is necessary to adopt “attacker view” glasses that incorporate the techno-operational defense process.

The use of an extra-organizational ruse should be reflected in the management of decoy people’s identities, identity asset management, demo supplier and supply chain management, external website management, demo networks, and more.

In the draft Defense methodology 2.0 distributed by the National Cyber Directorate in December 2020, there is a professional update on “eye attacker” and ruse in defense.
Following this update, the trend is also expected to expand into technologies and perceptions that use an extra-organizational ruse and formulate orderly methods for utilizing a defense ruse. The latter will become part of the corporate cyber protection arsenal and of the training of cyber defenders, CISOs, and more in the coming years.

Summary

In my opinion, adopting an advanced defense scheme may prevent the line of defenders from being breached. Advanced operational concepts combined with advanced technological defense tools will enable better organizational resilience and create a superiority of the defenders.
I also believe that AI technology based on attacker views can prevent the next generation of APT cyber-attack.
Therefore, I propose the following super architecture for protection.

Advanced Cyber Layers - Defense Tact

The author is a former deputy director-general – INCD
All rights reserved – Rafael Franco 2021
E&OE