Here’s how Defender XDR can help you find attackers sooner in your environment | Deception Rules MDE

Andre Camillo, CISSP
Jan 3, 2024

Microsoft announced Deception rules as part of Defender for Endpoint Plan 2 at Ignite 23.

Here’s why deceptive technologies are important for your cyber security program according to NIST, and how they currently work in preview for Defender XDR.

Deception Technologies

In the cyber security domain, the ability to detect attackers is fundamental for threat analysis and, of course, for protection. One of the ways we can ensure that there aren't any attackers lurking in your department is a technique called deception.

Deception in cyber security means having decoy accounts or artefacts in your environment that lure the attention, and of course the time, of attackers in order to steer them away from the real artefacts and, of course, data in your environment.

There are a number of cyber security vendors who specialise in deception technologies; some of these vendors include Attivo, CounterCraft, and more.

Most importantly, from a cyber security process management perspective, we must look at guidance from major entities on the role of deceptive technologies in your cyber security defence program.

I sat down to research what NIST special publications or guidance had been published about this, and found a very good blog article from one of the…

Written by Andre Camillo, CISSP

Cloud, AI and Cyber Security tech, Career, Growth Mindset. Find my Discord & more: https://linktr.ee/acamillo. Architect @Crowdstrike. Opinions are mine!