It is a long-held maxim in cybersecurity that the bad guys have the advantage. They only have to succeed once, but the good guys have to stop them every time. So it is always interesting and often important when a new method comes along that seeks to change that balance of power.
Deception technology gives defenders a rare advantage against attackers by doing something that other forms of cybersecurity don’t: Provide early and accurate detection by laying a minefield of attractive decoy systems and content to trip up attackers. This is all done within the organization’s networks and serves as a high-fidelity warning system of attacks that have bypassed perimeter security controls.
Decoys are designed to catch threat activity as the adversary looks to understand the network and how to find its target. Whether through a simple scan or an attempt to download malware, once an attacker goes after a decoy, it is safe to observe what they do in a contained environment. In most cases, when an attack is detected, the right thing to do is shut the attack down right away. But with deception, you have the option to watch what is happening, learn more about the nature of the attack, and better understand the way that the attackers intend to spread through your network. Once you feel you’ve learned enough, you can then easily shut the attack down.