secure tablet

How Deception Technology Can Help You Detect Threats Early

Deploying automated decoys can help protect your network and reduce IT costs.

Deception is a frequently used tactic in both defensive and offensive strategies, from chess to duck hunting, and a tool that many security professionals have been using for years. Initially, when deception was used in network defense, it involved a human carefully interacting with an infiltrator to make them believe that they had achieved access to restricted data and to keep them occupied until the threat could be contained. Today, however, technological advancements have eliminated the need for direct human interaction and have increased the believability of decoys.

What Is Deception Technology?

Deception technology is the integration of deception tactics into security tools and automation, meant to attract intruders away from real assets and trap or detain them in areas modeled after real storage or network areas. By misdirecting the attacker early in the infiltration process, the technology can minimize the damage caused and gain an opportunity to learn from the attacker's methods and behavior while they are distracted.

The simplest form of deception technology is the classic honeypot: a planted store of data whose contents are designed to be appealing to attackers, such as decoy password lists, false databases, fake access to other regions and more. When an intruder enters a network, they are led by a trail of breadcrumbs straight to the honeypot, which is triggered to alert security and distract the intruder by feeding them engineered information.

In the past, these were handcrafted and manually deployed and monitored. Now, however, the technology has advanced to the point that monitoring can be fully automated and decoys can be generated based on scans of true network areas and data.

Currently, decoys are often deployed as mock networks running on the same infrastructure as the real networks. When an intruder attempts to enter the real network, they are directed to the false network and security is immediately notified. The decoys are never accessed by legitimate users so there are almost no false positives with these techniques and intruders become visible much more quickly than if security had to wait for behavior or malware detection based alerts to be notified.

Deception technology is relatively simple to create in-house but difficult to make convincing, so many adopters prefer to use a third-party solution, such as Attivo, Minerva Labs, Cynet or a big name like Symantec, to ensure that their decoys are as realistic as possible.

Several tactics are used in deception technology:

  • Honeypots: research versions are placed “in the wild” to gather information on attacker strategies and motivations, production versions are placed to slow down attackers
  • Honey users: users with implied privileged access planted in the hopes that intruders will attempt to use their log-in which is flagged to alert security upon use
  • Honey credentials: credentials with supposed access rights to larger network; alerts are sent to security if intruders attempt to use the credentials, allowing them to track criminal movement
  • Geo-tracking: files planted with tracking information that is activated upon transfer or opening, sending IP and location data back to security teams
  • Sink-Hole servers: servers that use traffic redirection to trick bots or malware into reporting back to law enforcement or "white hat" researchers instead of criminals

Benefits of Deception Technology

Deception technology tools provide significant benefits when it comes to early detection of intruders, which is key to minimizing the amount of damage a criminal can do. By isolating attackers in areas where there is minimal risk of damage, this technology grants security professionals the opportunity to not only test their currently used mechanisms, but to learn about the real-world behavior, motivations and tools that criminals use to damage organizations. Such information is vital to building stronger security policies and solutions.

Apart from intellectual and risk mitigation benefits, deception technology can be used to alleviate bottlenecks in security processes. A significant reduction in false positives means that time is not wasted verifying the legitimacy of alerts. The ability to automate deceptive technologies further reduces the amount of time dedicated to non-critical tasks.

Decoys are typically completely hidden from end-users, meaning they have no impact on productivity. This has the added benefit of making them effective against human attackers and intrusion tools regardless of whether they originate externally, internally or from third-party services.

Unlike other methods of intruder detection, deception technology produces high fidelity alerts, reducing the amount of time spent filtering through alert information to find what threats require action. This technology doesn’t rely on detection based on known signatures or behaviors, so all intrusions are immediately detected and flagged, regardless of what methods an attacker uses.

Once an intrusion is detected, attackers can be easily contained and monitored with minimal to no risk to the actual network. Other security strategies operate by ejecting intruders upon discovery to minimize damages, but this doesn’t give security researchers the chance to learn from an attacker’s behavior and denies them the opportunity to apply forensic information to improving production security systems.

Integration with automation also helps reduce IT budget costs and helps stretch security team productivity. Automation tools can discover new networks and assets, and auto-generate and deploy decoys. This ability to adapt deception layers to changing environments reduces the manual work of security and helps maximize system protection.

Deception technology is more easily deployed with devices that do not allow for the installation of traditional security agents due to lack of memory, firmware or compatibility issues. This makes it especially suitable for Internet of Things (IoT) devices, legacy systems or industry-specific devices.

Why Should You Add Decoys to Your Network?

Deception is a time-honored strategy that continues to prove effective. Although many security budgets and professionals are focused on active defense when it comes to protecting a network, the passive defense offered by deception technology can sometimes provide greater benefit to an enterprise.

Adding decoys to your network can give you the upper hand in terms of detection speed and grant valuable information needed for security innovation—both of which are vital to protecting your systems from increasingly aggressive cyber criminals.


  • Using Modern Technology

    Using Modern Technology

    Workplace violence is a serious and growing challenge for many organizations — including those in the healthcare industry. Read Now

  • The Core Value Proposition

    The Core Value Proposition

    Machine and deep learning algorithms are everywhere in our lives. Masquerading as AI, they are only in their infancy. Have a conversation with a ChatGPT chatbot, and it becomes clear just how far we have come in a short time and how far we have to go. Read Now

  • Progressing in Capabilities

    Progressing in Capabilities

    Hazardous areas within industries like oil and gas, manufacturing, agriculture and the like, have long-sought reliable video surveillance cameras and equipment that can operate safely in these harsh and unpredictable environments. Read Now

  • A Comprehensive Nationwide Solution

    A Comprehensive Nationwide Solution

    Across the United States, manufacturing facilities, distribution centers, truck yards, parking lots and car dealerships all have a common concern. They are targets for catalytic converters. In nearly every region, cases of catalytic converter thefts have skyrocketed. Read Now

Featured Cybersecurity

New Products

  • ComNet CNGE6FX2TX4PoE

    The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance. 3

  • FlexPower® Global™ Series (FPG) from LifeSafety Power

    FlexPower® Global™ Series (FPG) from LifeSafety Power

    The FlexPower® Global™ Series (FPG) from LifeSafety Power—designed to provide DC power for access control systems in international applications—is now PSE listed for Japan and compatible with the country’s 100VAC applications. 3

  • BIO-key MobileAuth

    BIO-key MobileAuth

    BIO-key International has introduced its new mobile app, BIO-key MobileAuth™ with PalmPositive™ the latest among over sixteen strong authentication factors available for BIO-key's PortalGuard® Identity-as-a-Service (IDaaS) platform. 3