Critical Update: How Hackers Get Stuck In HADES

They say you catch more flies with honey, and a research team at Sandia National Lab has taken that to heart.

The team—led by Vince Urias, a distinguished member of the technical staff, Caleb Loverro, principal member of the technical staff, and Will Stout, senior member of the technical staff—created a massive, automated system designed to identify bad actors on a network and funnel them into a segregated, façade environment. Once in the fake system, defenders can track the hackers, map their movements and techniques, and gain valuable insight into who is attacking the system and what they appear to be after.

“The [hacker] behavior behind all this is that you want to look for things and once you get into an environment you want to explore,” Urias says on the latest episode of Critical Update. “Well, give them things to explore.”

While the idea of deceptive cybersecurity tactics—including honeypots—is not novel, Sandia’s system takes it to another level.

“Essentially [we’re] merging three components,” Urias explains. “One was the environmental component, which was, ‘Can we spin up environments that look and feel, and have data and applications that look very similar to an organization in a very streamlined fashion?’ Secondarily, we built a transcurrent virtual machine inspection platform that was very much focused on how do we actually look at the adversaries in interesting ways without them knowing. And the third one was a mutable network using software-defined networks. Could we actually move adversaries around the network—or around our perception of the network—without them seeing us or knowing that we’re doing that to them?”

The result is the High-fidelity Adaptive Deception and Emulation System, or HADES.

And, as a federally-funded research lab, Sandia offers the intellectual property free to federal agencies, which can employ this system on their own networks to get more proactive in their cybersecurity posture.

Hear more about HADES and what makes it different from other cybersecurity systems in the full episode below. Or, download and subscribe to Critical Update in the Apple Podcasts or Google Play.

.