The most common defensive strategy used to defend networks is to detect threats and respond accordingly. Given that attackers can continuously change behavior, detection is an inherently flawed defensive strategy that results in the cost of defense being far greater than the cost of attack. Deception technology can greatly increase the cost of attack. The talk covers a simplified version of the attack lifecycle, types of static defenses and possible countermeasures, categories of deception techniques, and how deception techniques can be employed in network operations to influence attacker behavior. (50 minute)
Thomas Phillips is the Chief Technical Officer and Vice President of Engineering at Ridgeback Network Defense, Inc., with responsibility for new product development and overall technical strategy. At Ridgeback he merges over 35 years of programming and hacking experience, over 15 years of contract work for NSA in both technical and managerial roles, and the experience of three prior startups. He has served as a Russian linguist in the U.S. Marine Corps and performed electronics repair in the Maryland Army National Guard.