How Deception Technology Can Help You Detect Threats Early -- Security Today

How Deception Technology Can Help You Detect Threats Early

Deploying automated decoys can help protect your network and reduce IT costs.

By Gilad David Maayan
Aug 12, 2019

Deception is a frequently used tactic in both defensive and offensive strategies, from chess to duck hunting, and a tool that many security professionals have been using for years. Initially, when deception was used in network defense, it involved a human carefully interacting with an infiltrator to make them believe that they had achieved access to restricted data and to keep them occupied until the threat could be contained. Today, however, technological advancements have eliminated the need for direct human interaction and have increased the believability of decoys.

What Is Deception Technology?

Deception technology is the integration of deception tactics into security tools and automation, meant to attract intruders away from real assets and trap or detain them in areas modeled after real storage or network areas. By misdirecting the attacker early in the infiltration process, the technology can minimize the damage caused and gain an opportunity to learn from the attacker's methods and behavior while they are distracted.

The simplest form of deception technology is the classic honeypot: a planted store of data whose contents are designed to be appealing to attackers, such as decoy password lists, false databases, fake access to other regions and more. When an intruder enters a network, they are led by a trail of breadcrumbs straight to the honeypot, which is triggered to alert security and distract the intruder by feeding them engineered information.

In the past, these were handcrafted and manually deployed and monitored. Now, however, the technology has advanced to the point that monitoring can be fully automated and decoys can be generated based on scans of true network areas and data.

Currently, decoys are often deployed as mock networks running on the same infrastructure as the real networks. When an intruder attempts to enter the real network, they are directed to the false network and security is immediately notified. The decoys are never accessed by legitimate users so there are almost no false positives with these techniques and intruders become visible much more quickly than if security had to wait for behavior or malware detection based alerts to be notified.

Deception technology is relatively simple to create in-house but difficult to make convincing, so many adopters prefer to use a third-party solution, such as Attivo, Minerva Labs, Cynet or a big name like Symantec, to ensure that their decoys are as realistic as possible.

Several tactics are used in deception technology:

Honeypots: research versions are placed “in the wild” to gather information on attacker strategies and motivations, production versions are placed to slow down attackers
Honey users: users with implied privileged access planted in the hopes that intruders will attempt to use their log-in which is flagged to alert security upon use
Honey credentials: credentials with supposed access rights to larger network; alerts are sent to security if intruders attempt to use the credentials, allowing them to track criminal movement
Geo-tracking: files planted with tracking information that is activated upon transfer or opening, sending IP and location data back to security teams
Sink-Hole servers: servers that use traffic redirection to trick bots or malware into reporting back to law enforcement or "white hat" researchers instead of criminals

Benefits of Deception Technology

Deception technology tools provide significant benefits when it comes to early detection of intruders, which is key to minimizing the amount of damage a criminal can do. By isolating attackers in areas where there is minimal risk of damage, this technology grants security professionals the opportunity to not only test their currently used mechanisms, but to learn about the real-world behavior, motivations and tools that criminals use to damage organizations. Such information is vital to building stronger security policies and solutions.

Apart from intellectual and risk mitigation benefits, deception technology can be used to alleviate bottlenecks in security processes. A significant reduction in false positives means that time is not wasted verifying the legitimacy of alerts. The ability to automate deceptive technologies further reduces the amount of time dedicated to non-critical tasks.

Decoys are typically completely hidden from end-users, meaning they have no impact on productivity. This has the added benefit of making them effective against human attackers and intrusion tools regardless of whether they originate externally, internally or from third-party services.

Unlike other methods of intruder detection, deception technology produces high fidelity alerts, reducing the amount of time spent filtering through alert information to find what threats require action. This technology doesn’t rely on detection based on known signatures or behaviors, so all intrusions are immediately detected and flagged, regardless of what methods an attacker uses.

Once an intrusion is detected, attackers can be easily contained and monitored with minimal to no risk to the actual network. Other security strategies operate by ejecting intruders upon discovery to minimize damages, but this doesn’t give security researchers the chance to learn from an attacker’s behavior and denies them the opportunity to apply forensic information to improving production security systems.

Integration with automation also helps reduce IT budget costs and helps stretch security team productivity. Automation tools can discover new networks and assets, and auto-generate and deploy decoys. This ability to adapt deception layers to changing environments reduces the manual work of security and helps maximize system protection.

Deception technology is more easily deployed with devices that do not allow for the installation of traditional security agents due to lack of memory, firmware or compatibility issues. This makes it especially suitable for Internet of Things (IoT) devices, legacy systems or industry-specific devices.

Why Should You Add Decoys to Your Network?

Deception is a time-honored strategy that continues to prove effective. Although many security budgets and professionals are focused on active defense when it comes to protecting a network, the passive defense offered by deception technology can sometimes provide greater benefit to an enterprise.

Adding decoys to your network can give you the upper hand in terms of detection speed and grant valuable information needed for security innovation—both of which are vital to protecting your systems from increasingly aggressive cyber criminals.

ISC West 2025 Concert to Feature Gin Blossoms
04/01/2025
ISC West 2025 Showcases the Largest-Ever SIA Education@ISC Program
04/01/2025
System Surveyor Launches Online Certification Program
03/28/2025
BlackCloak Releases Digital Executive Protection: Framework & Assessment Methodology
03/27/2025
ESX 2025 Closing Luncheon Speaker Michael Barnes to Deliver Expert Insights Strategic Takeaways
03/27/2025
i-PRO Welcomes Michelle Chapin as Director of Federal to Drive Strategic Growth in the Public Sector
03/27/2025
Paxton's New Greenville HQ Opens Doors for Tech Tour Attendees
03/27/2025
Security’s Role in L.A. Wildfires Recovery and Rebuild
03/20/2025

Featured

It's Show Time

I am one of those people that likes to see things get bigger and better. As advertised, ISC West is going to be bigger (more exhibitors) and better (more attendees). It’s show time in Las Vegas. Read Now
- Industry Events
- ISC West
SIA Releases New Report on Operational Security Technology

The Security Industry Association (SIA) has released an impactful new resource – Operational Security Technology: Principles, Challenges and Achieving Mission-Critical Outcomes Leveraging OST. Read Now
- IP Video
Cyber Overconfidence Is Leaving Your Organization Vulnerable

The increased sophistication of cyber threats pumped by the relentless use of AI and machine learning brings forth record-breaking statistics. Cyberattacks grew 44% YoY in 2024, with a weekly average of 1,673 cyberattacks per organization. While organizations up their security game to help thwart these attacks, a critical question remains: Can employees identify a threat when they come across one? A Confidence Gap survey reveals that 86% of employees feel confident in their ability to identify phishing attempts. But things are not as rosy as they appear; the more significant part of the report finds this confidence misplaced. Read Now
- Cybersecurity
Mission 500 Debuts Refreshed Identity Ahead of Security 5K/2K at ISC West

Mission 500, the security industry’s nonprofit charity dedicated to supporting children in need across the US, Canada, and Puerto Rico, has unveiled a refreshed brand identity ahead of ISC West. The charity’s new look includes a modernized logo with refined messaging to reinforce Mission 500’s nearly decade-long commitment to serving the needs of children and families in crisis. Read Now
- Industry Events

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

Mobile Safe Shield

SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.
AC Nio

Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.
Luma x20

Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”