Deception technology is a type of cybersecurity that uses deceptive tactics, from fake network environments to honeypots and breadcrumbs like bogus credentials, to catch malicious actors and learn more about them.
Unlike traditional security infrastructure, like firewalls and endpoint detection systems, deception technology does not merely defend a perimeter—it uncovers illicit activity wherever it originates, including from within an organization, and it does so by taking the human attacker’s point of view and actions into account in order to create an active defense. The end goal of deception is to prevent damage to a system by being better informed and prepared.
With deception, you can find attackers and observe their movements before they have even entered your network.
Deception technology can work without touching your network systems, meaning minimum disruption to normal processes and business flow.
Deception creates environments and data that, by definition, should not be entered or touched. That means there is an almost total reduction of false positives, noise, and dead-end alerts.
Deception can scale easily and be automated for maximum efficacy even as your organization grows and changes.
Deception technology doesn’t rely on generic threat intel feeds—it creates threat intel by engaging attackers, and delivers it to your security team in real time.
Legacy system? No problem. IoT devices to protect? Deception works on those too. Cyber deception is versatile and adaptable.
Organizations today face more daily cyber attacks than ever, and the stakes (both financial and otherwise) get higher and higher. These attacks are designed by adversaries to disrupt businesses or strategic missions and carried out using an evolving set of Tactics, Techniques and Procedures (TTPs).
Defenders continually feel that they are at a disadvantage: they need to protect their assets all the time, in organizations which no longer have classical boundaries or perimeters, and which are adopting new technologies, business models and global partnerships at a faster rate than ever before. It’s snowballing out of control.
For the past 30 years enterprise Chief Information Security Officers and their Enterprise Security Architects, if they existed, bought and built solutions which were all about “keeping the bad guys out” in a very overt and straightforward manner, and the industry evolved through the vocabulary of IDS, IPS, Firewalls, Cryptos, Anti-virus, Security Information & Event Management (SIEM), Cyber Threat Intelligence, Cloud Access Security Brokers, Security Automation & Orchestration.
All of these technologies and approaches still deliver value and should keep about 80% of the attackers out.
Deception tools and techniques are being used more and more often to proactively protect important information assets and systems, and to divert persistent adversaries into synthetic environments that engage them in order to gather direct threat intelligence, keep them occupied, and misdirect them through deception campaigns.
This is where the value of cyber deception really comes into its own as it enables defenders to design, build and operate synthetic and fake environments that fool the attackers into thinking they are accessing real production environments. As a result, they give away details of their Tactics, Techniques and Procedures (TTPs).
With this information it is possible to carry out a number of valuable defense-enhancing activities at different levels of an organization.
The CISO can get detailed intelligence on real attackers and what they are interested in accessing in the business. They can use this to inform future defense posture and investments, and talk to the board and peer C-Suite executives, before any breach occurs.
Enterprise Security Architects can deploy deception to improve the protection of certain information assets – the crown jewels.
Real-time information from a deception environment can be integrated machine-to-machine in a Security Operations Centre with SIEM and Threat Intelligence Platforms to enhance triage and threat hunting disciplines.
As bad guys waste their time in fake environments, not only are your real networks safe, but the attackers may also be deterred, because the effort required of them has increased massively.
While the terms are often mistakenly used synonymously, honeypots and deception technology are not the same thing. Honeypots are one of the tools deception technology uses: they attract attackers and trick them into revealing their presence and other clues about their intentions. A honeypot can be anything from data and information to a service or some other resource.
The three pillars necessary for effective deception technology are:
1) Credibility: Is it believable?
2) Instrumentation / Telemetry: Are you able to gather deep data about what people are doing on the system?
3) Data Exfiltration: Are you able to bring that data home without revealing yourself, so you can do something about it?
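The machine-to-machine SIEM integration described earlier and the instrumentation and "bring the data home" pillars above come together in a small honeytoken monitor. The following is an added example written for this page, not code from the original page or from any vendor's platform. It assumes (constructed for the example) that a few decoy accounts and a decoy host have been seeded that no legitimate process ever uses, that authentication and file-access telemetry arrives as JSON lines with `ts`, `event`, `user`, `src_ip` and `host` fields, and that the SIEM accepts newline-delimited JSON. Because a decoy has no legitimate use, any interaction with it is alert-worthy without further scoring, which is the low-false-positive property the page describes.

```python
"""Honeytoken monitor: added example, not the page's or any vendor's code.

Assumptions (constructed for this example):
  - decoy accounts / host are seeded in the directory and never used legitimately
  - telemetry arrives as JSON lines with fields: ts, event, user, src_ip, host
  - the SIEM accepts newline-delimited JSON (here we just return the string)
"""
import json
from collections import defaultdict

# Constructed decoy identities; nothing legitimate should ever reference them.
DECOY_ACCOUNTS = {"svc_backup_legacy", "fin_admin_old"}
DECOY_HOSTS = {"fileshare-hr-02"}

REQUIRED_FIELDS = {"ts", "event", "user", "src_ip", "host"}

# Constructed sample telemetry: two normal logons, one source touching decoys,
# and one junk line to show that the parser tolerates malformed input.
SAMPLE_LOG = """\
{"ts":"2024-05-01T09:12:03Z","event":"logon_success","user":"alice","src_ip":"10.0.4.21","host":"ws-alice"}
{"ts":"2024-05-01T09:15:44Z","event":"logon_failure","user":"svc_backup_legacy","src_ip":"10.0.9.77","host":"dc01"}
{"ts":"2024-05-01T09:15:51Z","event":"logon_success","user":"svc_backup_legacy","src_ip":"10.0.9.77","host":"dc01"}
{"ts":"2024-05-01T09:16:10Z","event":"smb_open","user":"svc_backup_legacy","src_ip":"10.0.9.77","host":"fileshare-hr-02"}
{"ts":"2024-05-01T09:20:00Z","event":"logon_success","user":"bob","src_ip":"10.0.4.30","host":"ws-bob"}
not json at all
"""


def parse_events(text):
    """Yield well-formed event dicts, silently skipping malformed lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(ev, dict) and REQUIRED_FIELDS <= set(ev):
            yield ev


def is_decoy_touch(ev):
    """Any use of a decoy account or decoy host is suspicious by definition."""
    return ev["user"] in DECOY_ACCOUNTS or ev["host"] in DECOY_HOSTS


def build_alerts(text):
    """Group decoy touches by source IP into one alert each.

    Each alert carries the full ordered sequence of what that source did,
    which is the telemetry a SOC analyst or threat hunter needs for triage.
    """
    by_src = defaultdict(list)
    for ev in parse_events(text):
        if is_decoy_touch(ev):
            by_src[ev["src_ip"]].append(ev)

    alerts = []
    for src, evs in by_src.items():
        touched = {e["user"] for e in evs if e["user"] in DECOY_ACCOUNTS}
        touched |= {e["host"] for e in evs if e["host"] in DECOY_HOSTS}
        alerts.append({
            "severity": "high",  # decoy interaction has no benign explanation
            "src_ip": src,
            "first_seen": evs[0]["ts"],
            "last_seen": evs[-1]["ts"],
            "decoys_touched": sorted(touched),
            "timeline": [
                f'{e["ts"]} {e["event"]} user={e["user"]} host={e["host"]}'
                for e in evs
            ],
        })
    return alerts


def to_siem(alerts):
    """Serialise alerts as newline-delimited JSON for a SIEM/TIP collector."""
    return "\n".join(json.dumps(a, sort_keys=True) for a in alerts)


if __name__ == "__main__":
    print(to_siem(build_alerts(SAMPLE_LOG)))
```

Run against the constructed sample, the monitor ignores the two real users and the junk line, and emits a single high-severity alert for 10.0.9.77 listing the decoy account and the decoy share it touched, with a three-step timeline (failed logon, successful logon, share open). In a real deployment the alert payload would be posted to the SIEM's ingestion endpoint, and the decoy set would be loaded from the directory where the decoys were seeded rather than hard-coded.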