Active Defense: How Deception Has Changed Cybersecurity
The patterns of cyber attacks are well known, and so are the targets. The bad guys are seeking to break in to get valuable data or take actions that benefit them, and they want to go undetected for as long as possible. There are a number of solutions dedicated to prevention, system lock-down, blocking lateral movement, and otherwise detecting anomalous behavior.
The challenge for detection, however, is how to do this faster and more comprehensively, with the highest chances of success, while minimizing operational overhead and false positives. That’s where the technique of deception, which is now being realized in a variety of products, is vitally important.
Deception is the evolution of something that used to be done externally to find nefarious actors, and it has its origins in the idea of the honey pot: external sites that would attract people with bad intentions so that they could be identified. While honey pots were often used by security researchers, the technique was not popular with enterprises. Deception essentially takes a new approach and moves threat deception inside the network, offering more valuable insight into threats that have already penetrated perimeter defenses. Because no legitimate user or process has any reason to touch a decoy, any interaction with one is suspicious by construction; that is what lets deception generate only high-fidelity alerts and arguably reduce the time to detect an attack dramatically.
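To make the high-fidelity argument concrete, here is an added example (not code from the article or from any deception product) that treats any interaction with a decoy host or decoy account as an incident trigger, then scopes the incident by listing the real hosts the same source touched in a surrounding time window. The decoy inventory, log format and log lines are all constructed for illustration.

```python
"""Decoy-interaction detector: illustrates why deception alerts are high-fidelity."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical decoy inventory (constructed): bait hosts and seeded bait credentials.
# Nothing legitimate should ever connect to these hosts or log on with these accounts.
DECOY_HOSTS = {"10.0.5.50", "10.0.5.51"}
DECOY_ACCOUNTS = {"svc_backup_legacy", "admin_old"}

# Constructed flat log format: "<iso-timestamp> src=<ip> dst=<ip> user=<name> action=<verb>"
LOG_RE = re.compile(
    r"(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) user=(?P<user>\S+) action=(?P<action>\S+)"
)

def parse(line):
    """Return a dict for a well-formed line, or None for anything unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev

def is_decoy_touch(ev):
    """A single decoy hit is the trigger: there is no benign reason for it."""
    return ev["dst"] in DECOY_HOSTS or ev["user"] in DECOY_ACCOUNTS

def detect(lines, window=timedelta(minutes=30)):
    """Group events by source; every source with a decoy hit becomes one incident,
    enriched with the real (non-decoy) hosts it contacted within +/- window."""
    by_src = defaultdict(list)
    for ev in filter(None, map(parse, lines)):
        by_src[ev["src"]].append(ev)
    incidents = []
    for src, evs in by_src.items():
        triggers = [e for e in evs if is_decoy_touch(e)]
        if not triggers:
            continue  # no decoy contact: nothing to alert on, no false positive possible
        first = min(t["ts"] for t in triggers)
        scope = sorted({e["dst"] for e in evs
                        if not is_decoy_touch(e) and abs(e["ts"] - first) <= window})
        incidents.append({"src": src, "first_decoy_touch": first.isoformat(),
                          "decoy_hits": len(triggers), "real_hosts_in_window": scope})
    return incidents

SAMPLE_LOGS = [  # constructed: alice behaves normally; 10.0.1.77 wanders onto decoys
    "2024-03-01T09:00:00 src=10.0.1.20 dst=10.0.2.10 user=alice action=smb_read",
    "2024-03-01T09:05:00 src=10.0.1.20 dst=10.0.2.11 user=alice action=smb_read",
    "2024-03-01T09:10:00 src=10.0.1.77 dst=10.0.2.10 user=bob action=smb_read",
    "2024-03-01T09:12:00 src=10.0.1.77 dst=10.0.5.50 user=bob action=smb_list",
    "2024-03-01T09:14:00 src=10.0.1.77 dst=10.0.2.30 user=admin_old action=logon",
    "2024-03-01T09:20:00 src=10.0.1.77 dst=10.0.2.12 user=bob action=smb_read",
]

if __name__ == "__main__":
    for incident in detect(SAMPLE_LOGS):
        print(incident)
```

Running it yields a single incident for 10.0.1.77 with two decoy hits, while alice's ordinary file-share activity produces nothing, which is the point: the detector's precision comes from the decoys, not from tuning thresholds.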