Esc
Decoy Session Token
Definition
An authentication token created for the purposes of deceiving an adversary.
How it works
Usage of decoy session tokens may be monitored to track attacker behavior or otherwise control the beliefs of the attacker.
Considerations
- Interaction and activity with the decoy session token must be constantly monitored and analyzed to detect unauthorized activity.
- Session tokens are typically short-lived and therefore the decoy must be continuously updated to provide the appearance of it being used in the production environment.
- Automated tools can assist with maintenance and updates by automatically adjusting the decoy session token and environment to mimic the production environment.
loading...
loading...
References
All
Patent
The following references were used to develop the Decoy Session Token knowledge-base article.
(Note: the consideration of references does not imply specific functionality exists in an offering.)
Decoy and deceptive data object technology
Reference Type: Patent Organization: Cymmetria Inc Author: Dean Sysman; Gadi Evron; Imri Goldberg; Itamar Sher; Shmuel Ur
D3FEND™
A knowledge graph of cybersecurity countermeasures