All businesses today need to be vigilant about keeping the bad guys out of our networks. But a fellow named David Koretz (pictured at left), who owns a company that provides email services for businesses, has taken a rather novel approach, according to a recent article in the November 19th issue of Bloomberg Businessweek. While maybe we can’t all do what Koretz does, the lessons are worth noting, and he does provide a valuable product/service that you may find of interest.
When Koretz’s business started getting hacked, he found that the various attackers all looked different – from jilted lovers, to organized crime figures seeking credit cards, to disgruntled employees seeking to get back at old bosses.
Koretz came up with an unorthodox approach that he turned into a company named Mykonos Software. His idea was to design an “intrusion detection” software product that thwarts attackers by setting traps to confound them. The goal is to slow hackers down, and make it too costly and not worth their while to attack his clients. His software plants fake files on its customers’ websites to confuse intruders. He also floods attackers’ scanning programs with information about vulnerabilities that don’t really exist. The hackers can spend months chasing leads that go nowhere – and here’s the key – eventually give up.
Koretz says it’s like “putting all your data on top of Mt.Everest,” where it will be infinitely harder for hackers to get at it.
And along the way, they have a little fun with it. They empower geeks to fight back.
For example, once a hacker is spotted, the program starts messing with the attacker’s PCs. One clever response is to flash a map of the hackers’ locations and provides recommendations for nearby defense attorneys. Another disrupts the attack so it occurs in very slow motion. Yet another serves up a pop-up on the attacker’s screen that offers hacking advice and offers them consolation for getting caught.
With his unique techniques, Koretz has gone beyond traditional detection intrusion and into the realm of thwarting attackers offensively. As he says, “I don’t think perfect security is real. What I want to do is build the biggest mountain I can.”
His work has caught the eye of the big guys. Juniper Networks, a leading networking equipment manufacturer bought the company recently for $80 million.