Deception for Threat Defence

Deception technology is a type of cybersecurity that uses deceptive tactics, from fake network environments to honeypots and breadcrumbs such as bogus credentials, to catch malicious actors and learn more about them. Unlike traditional security infrastructure such as firewalls and endpoint detection systems, deception technology does not seek merely to defend a perimeter: it uncovers illicit activity even when it comes from within an organization, and it does so by taking the human attacker's point of view and actions into account in order to create an active defense. The end goal of deception is to prevent damage to a system by being better informed and prepared.

Deception tools and techniques are increasingly used to proactively protect important information assets and systems, and to divert persistent adversaries into synthetic environments that engage them in order to gather direct threat intelligence, keep them occupied, and misdirect them through deception campaigns.

The aim of deception technology is to prevent a cybercriminal who has managed to infiltrate a network from doing any significant damage. The technology works by generating traps, or deception decoys, that mimic legitimate technology assets throughout the infrastructure. These decoys can run in a virtual or real operating system environment and are designed to trick the cybercriminal into thinking they have discovered a way to escalate privileges and steal credentials. Once a trap is triggered, notifications are broadcast to a centralized deception server that records the affected decoy and the attack vectors that were used by the cybercriminal.
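
The trigger-and-record flow described above, as an added Python example that is not part of the original article: it scans constructed log lines for any use of a decoy account or decoy host and builds the per-source record a central deception server would keep. The log format, account name, host addresses and function names are all assumptions made for illustration.

```python
import json
import re
from collections import defaultdict

# Constructed decoy inventory: a breadcrumb account and a decoy host that no
# legitimate user or process should ever touch (all names are hypothetical).
DECOY_ACCOUNTS = {"svc_backup_adm": "bogus credential left in a share script"}
DECOY_HOSTS = {"10.20.0.77": "decoy file server FS-ARCHIVE02"}

# Constructed log lines in a simplified key=value format (an assumption).
SAMPLE_EVENTS = """\
ts=2024-05-01T09:12:03Z src=10.20.4.15 dst=10.20.0.10 user=jsmith action=smb_login result=ok
ts=2024-05-01T09:14:41Z src=10.20.4.23 dst=10.20.0.10 user=svc_backup_adm action=kerberos_preauth result=fail
ts=2024-05-01T09:15:02Z src=10.20.4.23 dst=10.20.0.77 user=jsmith action=smb_login result=fail
ts=2024-05-01T09:15:09Z src=10.20.4.23 dst=10.20.0.77 user=svc_backup_adm action=rdp_login result=fail
ts=2024-05-01T09:20:00Z src=10.20.4.15 dst=10.20.0.11 user=jsmith action=smb_login result=ok
"""

def parse(line):
    """Turn one key=value log line into a dict."""
    return dict(re.findall(r"(\w+)=(\S+)", line))

def detect(lines):
    """Return one alert per decoy touched; any contact is suspicious by design."""
    alerts = []
    for line in lines:
        ev = parse(line)
        hits = []
        if ev.get("user") in DECOY_ACCOUNTS:
            hits.append(("account", ev["user"], DECOY_ACCOUNTS[ev["user"]]))
        if ev.get("dst") in DECOY_HOSTS:
            hits.append(("host", ev["dst"], DECOY_HOSTS[ev["dst"]]))
        for kind, decoy, note in hits:
            alerts.append({"ts": ev.get("ts"), "source": ev.get("src"), "decoy_type": kind,
                           "decoy": decoy, "vector": ev.get("action"), "note": note})
    return alerts

def summarize(alerts):
    """Group alerts by source: the affected decoys and the vectors used."""
    by_src = defaultdict(lambda: {"decoys": set(), "vectors": set()})
    for a in alerts:
        by_src[a["source"]]["decoys"].add(a["decoy"])
        by_src[a["source"]]["vectors"].add(a["vector"])
    return {src: {"decoys": sorted(v["decoys"]), "vectors": sorted(v["vectors"])}
            for src, v in by_src.items()}

if __name__ == "__main__":
    alerts = detect(SAMPLE_EVENTS.splitlines())
    print(json.dumps(summarize(alerts), indent=2))
```

Because the decoys have no legitimate use, the detector needs no baseline or threshold: the two ordinary `jsmith` logins produce nothing, while every event from the one source that touched a decoy is recorded.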