The role of automated moving target defence in protection against attacks.
In May 2024, at the RSA conference, Jen Easterly - head of the US Cybersecurity and Infrastructure Security Agency (CISA) - gave an interview to Axios about the impact of AI technology. She stated that “AI will exacerbate the threats of cyberattacks — more sophisticated spear phishing, voice cloning, deepfakes, foreign malign influence and disinformation”.
Automated attacks have always been a problem, but the increasing availability of generative AI tools means that attackers can more easily create and launch attacks. As stated in the recent independent International AI Safety Report, “While expert knowledge is still essential, AI tools reduce the human effort and knowledge needed to survey target systems and gain unauthorised access.”
For example, in 2024 OpenAI published an article on their efforts to disrupt state actors who were using their services “for querying open-source information, translating, finding coding errors, and running basic coding tasks.” There is also interest from the academic community, for example an evaluation of the effectiveness of large language models (LLMs) in completing capture the flag (CTF) security challenges.
Clearly, there is a need for organisations to develop a more flexible and proactive strategy to close the gap. This has led to an emerging trend: the development of preemptive cyber defense (PCD) technologies, which allow organisations to respond to attacks before they can be fully realized. The idea is that combining these emerging technologies with traditional detect-and-respond techniques will help counter the threats of generative AI-enabled cyber attacks.
The research consultancy Gartner recently published a number of pieces on PCD offerings under their Emerging Tech series. Tracebit is identified as a key vendor in this space, specifically because of our security canaries.
Tracebit’s security canaries
You can think of our security canaries as a sort of tripwire set up inside your perimeter: they are resources created solely to attract the attention of attackers. They are unlike traditional threat detection technologies, and using them is inherently preemptive: you assume that attackers will breach your systems, and so you give them something to discover.
Therefore, alongside monitoring your actual assets for attacker activity amidst the noise of legitimate traffic, you can set up security canaries: nobody but an attacker should normally ever interact with them, so any interaction with them is by definition suspicious. This saves the money and time otherwise spent chasing false positives.
Canary use cases
The following use cases illustrate how security canaries can contribute to a preemptive cyber defense strategy.
Use case 1: Using canaries to protect large and complex environments
For organisations with large IT estates, using traditional detect-and-respond cyber defense technologies at such scale is extremely difficult. Such organisations may be forced to ration monitoring in order to ensure that business-critical systems receive the most protection, or find their detections overwhelmed with false positives. However, attackers may gain a foothold in a lower-value target and then escalate from there.
This is an excellent example of how PCD technology can supplement traditional defenses: you can deploy canaries across such an environment in order to attract the attention of attackers. Monitoring these canaries is far less resource-hungry, as almost all traffic that touches them is automatically suspicious.
Use case 2: Moving target defense
Attackers use automated tools to scan IT estates, in order to build up a picture of the attack surface. Using the data gathered they can then more effectively target their attacks. To counter this you can automate changes to your estate, effectively making it a moving target. This will decrease the value of these automated scans and make it harder for attackers to target specific assets.
We can help you automate the rapid deployment and decommissioning of canaries across your estate. This will make your attack surface more obscure to attackers, who will find it much more challenging to identify points of entry. It even helps protect against insider risk, making it harder for bad actors inside your organisation to identify targets.
Use case 3: Mitigating known risks
Organisations often find themselves with technical debt, where they have systems or services that they struggle to upgrade or maintain because of resource issues. For example, they may have a legacy API with third-party dependencies that are no longer patched, but cannot be locked down because some clients still depend on it.
In these cases, deploying security canaries to sit alongside or within these areas can help, especially if they are made slightly more attractive than the vulnerable systems. In probing these weak points an attacker is likely to also probe the canaries, which will alert your security team that an attack may be imminent.
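The three use cases above share one detection rule: any touch of a canary is an alert, and rotating canaries in and out turns the estate into a moving target. The following Python is an added illustration of that logic, not Tracebit's product code; the registry class, log format, resource names and log lines are all constructed for the example.

```python
import re
from datetime import datetime
# Hypothetical registry of decoy resources (names are constructed). A rotated-out
# decoy stays listed so a late touch of it (stale attacker recon) still alerts.
class CanaryRegistry:
    def __init__(self):
        self.canaries = {}  # name -> [deployed_at, decommissioned_at or None]
    def deploy(self, name, at):
        self.canaries[name] = [at, None]
    def rotate(self, old, new, at):  # moving-target step: retire one, stand up a fresh one
        self.canaries[old][1] = at
        self.deploy(new, at)
    def classify(self, resource, at):
        """None for real assets; otherwise why the interaction is suspicious."""
        window = self.canaries.get(resource)
        if window is None or at < window[0]:
            return None
        if window[1] is None or at < window[1]:
            return "canary-active"
        return "canary-retired"  # touched after removal: stale recon

# Constructed log format: "<iso-time> <principal> <action> <resource> <status>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

def detect(registry, lines):
    """Every canary interaction is an alert, whatever the status code was."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue
        ts, principal, action, resource, status = m.groups()
        kind = registry.classify(resource, datetime.fromisoformat(ts))
        if kind is not None:
            alerts.append({"time": ts, "principal": principal, "action": action,
                           "resource": resource, "status": status, "kind": kind})
    return alerts

def sample_alerts():
    """Constructed scenario: one rotation, then a real access and two decoy touches."""
    reg = CanaryRegistry()
    reg.deploy("s3://prod-backup-archive-7f3a", datetime(2024, 6, 1))
    reg.rotate("s3://prod-backup-archive-7f3a", "s3://prod-backup-archive-c19e",
               datetime(2024, 6, 8))
    logs = [
        "2024-06-08T09:15:00 svc-billing GetObject s3://billing-invoices 200",
        "2024-06-08T09:16:00 user-x ListBucket s3://prod-backup-archive-c19e 403",
        "2024-06-09T02:30:00 user-x GetObject s3://prod-backup-archive-7f3a 404",
    ]
    return detect(reg, logs)
```

Note that the denied (403) and not-found (404) requests still alert: the value is in the attempt, not its outcome, and the touch of the retired decoy shows the principal is working from an out-of-date scan.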
How we can help
It is clear to us that organisations need to integrate PCD tools and techniques to complement their existing security measures and provide better protection and defense-in-depth. This is especially important given the advent of generative AI, which is used by both attackers and defenders. When effectively designed and deployed, our security canaries can help you detect attacker activity - whether AI-enabled or not - and take the necessary steps to defend your data.
Our canaries can be rapidly deployed and generate low levels of network noise. They require no maintenance, have a low cost of ownership, and offer an excellent signal-to-noise ratio for your network monitoring systems.
If you would like to learn more about how our canaries can help you, book a demo. Once you’ve provided your contact details, our founders will be in touch very soon to start a conversation with you.