Answer to Question #300897 in Accounting for Jen

 D. Prescriptive analytics

what is data deception?

Deception technology is a type of cybersecurity defense that works by disseminating a series of traps and decoys throughout a system's infrastructure to simulate genuine assets. If a decoy is triggered by an intruder, the server will log and monitor the attack vectors used during the encounter.

how to avoid data deception.

(i)incorporate intruder traps into your overall surveillance strategy.

Choose your poison: Insight IDR provides four different types of intruder traps to catch intruders sooner during network recon and lateral movement, preventing crucial data from being taken.

(ii)Easily deploy and manage several honeypots.

It's a wonderful thing when an attacker first lands on your network. Why? It's one of those rare occasions when you have the upper hand. Honeypots from InsightIDR can help you make the most of it. The following is how it works: Internal reconnaissance, such as network scans, is used by attackers to identify where they should move laterally next. Honeypots, or network-listening decoy machines/servers, detect the use of nMap and other scanning tools, alerting you to an attacker's presence. Honeypots have traditionally been difficult to set up and administer centrally, but InsightIDR makes it simple to deploy one or more across your network.

(iii)Honey users can be used to detect password guessing attempts

Once an attacker has gained internal access to your network, they'll most likely attempt a vertical brute force attack, querying Active Directory for a complete list of users and trying a limited number of regularly used passwords across all of those accounts.

(iv)Detect the use of stolen credentials in attacks like pass-the-hash.

Once an attacker has acquired access to an endpoint, they can recover password hashes and even cleartext credentials without the use of external software. While endpoint detection and response systems can detect privilege escalation and other dangerous exploits, the question of what the attacker did next remains unanswered.

(v).Once an attacker has gained access to sensitive information, the next step is to remove it from the network—usually by zipping and copying the files to a remote drop server or a stolen cloud storage account. Because this exfiltration frequently occurs through HTTP/HTTPS, firewalls and conventional monitoring technologies are unable to identify it. You can define a honey file in a critical directory with InsightIDR. All operations performed on this file are tracked, including opening, editing, and copying, giving you file-level insight without the hassle of setting up an independent File Integrity Monitoring system.