Decoy User Credential
Definition
A credential created for the purpose of deceiving an adversary.
How it works
A detection analytic is developed to determine when a user uses decoy credentials. Subsequent actions by that user may be monitored or controlled by the defender.
A credential may be:
- Domain username and password
- Local system username and password
Considerations
- Decoy credentials should be integrated with a larger decoy environment to ensure that when decoy credentials are compromised, the credentials are used to interact with a decoy asset that is being monitored.
- Continuous maintenance and updates are needed to ensure the legitimacy of the larger decoy environment and specifically the assets that utilize the decoy credentials.
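One way to express the detection analytic described under "How it works", as an added example that is not part of the D3FEND article: it flags any authentication attempt that uses a decoy credential, records whether the target was a monitored decoy asset (the first consideration above), and collects later events from the same source. The log format, the account and host names, and the use of the source address to follow the user are assumptions made for illustration.

```python
# Added example: constructed data, hypothetical names throughout.
# Assumed registry of planted decoy credentials, lower-cased.
# Domain accounts are "domain\user"; local accounts are "host\user".
DECOY_ACCOUNTS = {r"corp\svc_backup_old", r"ws-042\localadmin2"}
# Assumed inventory of monitored decoy assets.
DECOY_ASSETS = {"decoy-fs01", "decoy-ftp01"}

# Constructed authentication events in a made-up key=value format.
SAMPLE_LOG = r"""
ts=2024-05-01T10:00:00Z src=10.0.0.7 account=CORP\alice host=fs02 result=success
ts=2024-05-01T10:02:11Z src=10.0.0.99 account=CORP\svc_backup_old host=decoy-fs01 result=success
ts=2024-05-01T10:03:40Z src=10.0.0.99 account=CORP\bob host=fs02 result=failure
ts=2024-05-01T10:05:02Z src=10.0.0.50 account=WS-042\localadmin2 host=fs02 result=failure
"""


def parse(line):
    """Split one key=value event line into a dict."""
    return dict(tok.split("=", 1) for tok in line.split())


def detect(log_text):
    """Return (alerts, watched).

    alerts:  every authentication attempt that used a decoy credential.
    watched: later events from a source that already used one.
    """
    alerts, watched, tainted = [], [], set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse(line)
        if ev["account"].lower() in DECOY_ACCOUNTS:
            # Failures count too: no legitimate user holds this credential.
            # Record whether the attempt stayed inside the decoy environment.
            ev["on_decoy_asset"] = ev["host"].lower() in DECOY_ASSETS
            alerts.append(ev)
            tainted.add(ev["src"])
        elif ev["src"] in tainted:
            watched.append(ev)  # subsequent action by the same source
    return alerts, watched


if __name__ == "__main__":
    for kind, events in zip(("ALERT", "WATCH"), detect(SAMPLE_LOG)):
        for ev in events:
            print(kind, ev)
```

An alert with `on_decoy_asset` set to false shows a decoy credential being tried against a host outside the monitored decoy environment.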
References
The following references were used to develop the Decoy User Credential knowledge-base article.
(Note: the consideration of references does not imply specific functionality exists in an offering.)
Decoy and deceptive data object technology
Reference Type: Patent
Organization: Cymmetria Inc
Author: Dean Sysman; Gadi Evron; Imri Goldberg; Itamar Sher; Shmuel Ur
Decoy network-based service for deceiving attackers
MITRE Comments
MITRE analysis was not found.
Reference Type: Patent
Organization: Amazon Technologies
Author: Thomas Stickle
System and method for identifying the presence of malware using mini-traps set at network endpoints
MITRE Comments
Questionable or all files (as determined by the enterprise) are forwarded to the decoy network. Using a manager node user interface, you can set up fake information (e.g., the IP address of a decoy FTP server) and deploy decoy physical or virtual endpoints.
Reference Type: Patent
Organization: Fidelis Cybersecurity Solutions Inc
Author: Doron Kolton; Rami Mizrahi; Omer Zohar; Benny Ben-Rabi; Alex Barbalat; Shlomi Gabai
D3FEND™
A knowledge graph of cybersecurity countermeasures