Deception is not a new concept for organizations and security professionals. It is being implemented since the late 1990s in the form of “Honeypots”, aiming to deceive threat actors. However, things have now changed to a great extent. Today’s deception technology offers a lot of guarantees, particularly when it comes to early and effective threat detection and mitigation. The best part is that it does not create any false positives and provides deep visibility across all the endpoints.

But to make a successful implementation, CISOs and other C-level executives need to note a few points owing to the secretive nature of the deception technology.

Let’s review these points.

  • Prepare a list of critical assets that you want to protect

You will require a well-defined strategy to achieve your security goals with respect to the deployment of deception technology. List down all the sensitive assets that may include (but not limited to) servers, users, files and databases, which you want to secure against malicious activists. This should be the first step in your action plan while integrating the deception in your security infrastructure.

  • Proactively identify the routes an attacker can follow to invade

As deception is an active defence strategy, it is important for security teams to get a deep understanding of the attackers’ modus operandi. Let your in-house or external red team to launch simulated attacks targeting resources that want to protect. This will help organizations to determine the potential paths a threat actor can utilize to penetrate the network. Also, you can measure the efficacy of your blue team and the deployed deception technology.

  • Be ready with a set of incident response plan

Since deception has a very low rate of false positives and provides real-time alerts, it is vital for organizations to be ready with an incident response plan for responding swiftly to deception alerts. This can reduce the impact of a breach to as much low as possible.

  • Customize the decoys as per your environment

You can maximize the chances of deceiving and catching an intruder by customizing the decoys according to your environment. Turn your network into a trap with realistic-but-fake decoys, breadcrumbs and lures to misdirect attackers into engaging and revealing their presence. By doing so, you are assisting your security professionals to detect an attack in its early stage and gather threat intelligence and indicators of compromise.

  • Ensure that decoys must look real

If a decoy is not fooling you, it cannot deceive any intruder. Make sure the deployed decoys appear as real as possible so that your own in-house/external red team should fall for them during the simulated attacks. The success of the deception technology completely depends upon these decoys.


Towards The End

In addition to the most advanced and mature security controls, organizations can employ deception technology to quickly discover what’s lurking inside their environment. Deception has proven to be more effective in detecting in-network threats, lateral movements, privilege escalation, data theft and ransomware, and hence is turning out to be an ideal technology solution.