AUTOMATION OF THE USE OF FALSE COMPONENTS IN THE INFORMATION SYSTEM

Abstract

The article considers the applicability of deceptive information systems and their components in
building an automated system for deploying and managing the applied implementation of deceptive component
technology to improve the attack prevention system. The main advantages and the role of technology
in the information security strategy setting the specifics and the area of technology means and tools
practical appliance are suggested. The article considers the fundamentals of the architecture and features
of the technology application, as well as its limitations. The purpose and the objective of using the present
technology is pointed in terms of key principles of implementation disclosure. In addition, regulatory publications
and other recommendations constituting the best practices in the field of its use were analyzed.
The concept and architecture of the final automated solution for integration into information systems and
security systems are considered, and the functional content of the final solution is described. A distinctive
feature of the proposed solution is the use of controlled containerization mechanisms, that provide ample
opportunities for scaling the solution and isolating compromised system components as a result of an
intruder's actions. A formulated process of the automation system practical implementation in perspective
of solution subsystems is schematically described in relation to dependent components (such as suggested
document pieces and outer tools and systems) and included operations processing conditions. A model of
deployment and operation of a distributed automation system is also provided in the following sequence:
setting up a deployment server (including provisioning), deploying a network of false decoy components
based on containerization, deploying external baits, integrating with systems and instances of the information
security stack external to the composition of the solution. The solution is implemented by means of
the principle: fake assets and resources of the fictive environment are deployed in an information technology
infrastructure using controls and are intended to be affected by the adversary. The deployed set of
subsystem tools was tested using a third-party node with the appropriate tools and scanning scenarios.
Recommendations are given for further improvement of the automation system for deployment and management
of tools and measures for deceptive component technology.