Deceiving Attackers in Real Time with Deceptive Bytes
Deceptive Bytes was established last year by 3 brothers to develop an effective solution against unknown and sophisticated malware, using deception technology. We spoke to CTO Avi Lamay about this promising technology and his views on data security.
What makes Deceptive Bytes unique?
Most cyber companies these days are using AI and machine learning, but these systems are complex, require massive amounts of data and are vulnerable even to small changes and errors. Furthermore, attackers are using the same technologies to counteract the defensive AI/ML. We have a different approach.
There’s a lot of malware out there which is very clever and evasive. When planning an attack, attackers try to understand what security systems are installed. They gather information to determine if the attack is worth their effort and if it’s safe for them.
Our deception technology stops attackers by generating false information, and deceiving them into believing they’re in a hostile or unattractive environment to attack.
On the offensive side, we stop malware by giving them the impression that their attack was successful even though nothing really happened and the machine is intact.
Our solution proves that even simpler solutions (as opposed to AI/ML) can stop viruses at once. Even though it seems simple, it’s actually very efficient. Take NotPetya and WannaCry for example, 2 major viruses which our solution was able to stop within 2 seconds without any damage to the machine and without prior knowledge, while traditional antivirus took up to a week to figure it out, with colossal damages that have yet to be recovered.
Who is your typical client?
The Deceptive Bytes solution is suited for enterprises who are aware that current solutions, like traditional antivirus, only cover about 20-40% of their protection; enterprises that understand that threats are evolving, and that their security should evolve as well.
We used a combination of knowledge and the technology to build a really lightweight solution, deployable within seconds. In addition, it doesn’t interfere with the user experience, it doesn’t take many resources, and it makes it easier to defend your endpoints.
How do you handle false positives?
Because of our method, which is hardly used by legitimate software, false positives are extremely low to non-existent, because we don’t try to understand the environment or the attacker. Rather, the software runs automatically to scare away even minor risks. We also implemented other capabilities to reduce interfering with legitimate software, so it can work in the background without the user having to do anything.
Do you ever catch attackers in real time?
There are companies that focus on knowing the attackers and their routes, but it’s not in our scope. Rather, our priority is to stop attackers as quickly as possible because every second the attacker is moving laterally in the network or finds access to the organization gives them better chances of succeeding.
In your opinion, what does the future hold for deception technology?
It’s a growing technology with immense potential and it’s going to change how we defend endpoints in the coming years. Gartner spoke of deception as the cyber technology of the future; they also mentioned us earlier this year on this subject. They said deception is a key aspect to protect your assets and enterprise, as it allows them to create false information and stop attackers quickly.