Don’t Get Stumped by Deception: Busting 4 Myths About Distributed Deception Platforms


Between the marketing hyperbole and the extreme and immediate need for strong cybersecurity, CISOs face a hard time figuring out whether any particular security product or service can thwart attacks. Illusive Networks’s Field CTO Wade Lance gives the lowdown on Deception Technology and how CISOs can evaluate platforms based on their requirements.

For all the dozens of security solutions organizations deployed to safeguard their networks, data breaches continue to occur. Unfortunately, these “solutions” haven’t proven effective at truly securing the network – allowing cybercriminals to linger undetected and undeterred, sometimes for months. Deception technology offers a different model that can give organizations the advantage over bad actors. However, there’s a lot of misinformation when it comes to this approach. Clearing that up is the first step to the successful use of this technique.

How Deception Is Different

Most security solutions on the market today operate by looking for anomalies within end-user behavior or network traffic. They are looking for an almost infinite variety of atypical behavior, so they must rely on probability as the basis for their alerts. They release a flood of alerts that the security team must then sort through. The actual probability in this scenario is that the security staff are expending a lot of effort to no useful purpose.

A different scenario uses deception to track down atypical behavior, and the range of possibilities goes from near-infinite to two options: yes or no. The malicious actor either interacted with a deception or did not. There is no need for anyone to guess whether this is a threat or not. Deception technology sends out notifications in real time that contain forensic information – which deception the attacker interacted with, at what time and on which endpoint. The technology can also provide information including screen grabs of the machine in question that reveal the exact steps the malicious actor took. This model accelerates detection and remediation by giving a definitive location and origin of an attack as it is happening.
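The yes-or-no check described above can be sketched as follows. This is an added example, not code from the article or from any vendor's platform; the decoy inventory, the `key=value` event format and all host and account names are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed decoy inventory (assumption): planted items that no legitimate
# user or process should ever touch. Keys are stored lowercase.
DECOYS = {
    ("account", "svc_backup_adm"): "decoy-cred-01",
    ("share", r"\\fs-archive02\finance$"): "decoy-share-07",
    ("host", "sql-legacy-03"): "decoy-host-02",
}

# Constructed sample events (assumption): one key=value record per line.
SAMPLE_EVENTS = [
    r"time=2024-05-02T09:14:07Z endpoint=WS-0412 event=logon account=CORP\jsmith target=mail01.corp.example",
    r"time=2024-05-02T09:15:31Z endpoint=WS-0412 event=logon account=CORP\SVC_Backup_Adm target=dc01.corp.example",
    r"time=2024-05-02T09:16:02Z endpoint=WS-0412 event=smb_open account=CORP\jsmith share=\\FS-ARCHIVE02\Finance$",
    r"time=2024-05-02T09:20:45Z endpoint=WS-0977 event=logon account=akumar@corp.example target=SQL-LEGACY-03.corp.example",
]

@dataclass(frozen=True)
class Alert:
    deception: str   # which deception was touched
    time: str        # when
    endpoint: str    # on which endpoint

def normalize_account(name):
    """Reduce DOMAIN\\user and user@domain forms to a bare lowercase name."""
    name = name.strip().lower()
    if "\\" in name:
        name = name.rsplit("\\", 1)[1]
    return name.split("@", 1)[0]

def parse_event(line):
    """Parse one constructed key=value event line into a dict."""
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', line)
    return {key: value.strip('"') for key, value in pairs}

def detect(lines):
    """Return one Alert per decoy interaction; there is no score or threshold."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        keys = []
        if "account" in ev:
            keys.append(("account", normalize_account(ev["account"])))
        if "share" in ev:
            keys.append(("share", ev["share"].lower()))
        if "target" in ev:
            keys.append(("host", ev["target"].lower().split(".")[0]))
        alerts += [Alert(DECOYS[k], ev["time"], ev["endpoint"]) for k in keys if k in DECOYS]
    return alerts
```

The normalization step matters in practice: a decoy account referenced as `CORP\SVC_Backup_Adm` or `svc_backup_adm@corp.example` must match the same inventory entry, or the check silently stops being deterministic.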

Misconceptions Removed

As organizations recognize its ability to stop attackers already present within the network, deception technology is gaining traction in the marketplace. However, several misconceptions must be addressed so that more IT security teams can see the benefits of deception:

  • Deception is difficult
  • Deception is only for large, mature organizations
  • Deception is useful for threat intelligence, not detection
  • Deception should be the last thing you implement

Misconception #1: Deception is Difficult

Truth: Since deception technology is still sometimes thought of as synonymous with honeypots, people often continue to think of it as both hard to set up and easy for an attacker to spot. Some bad actors, in fact, interact with a honeypot intentionally to distract defenders while they move elsewhere.

But the two aren’t synonymous. Today’s distributed deception platforms operate much differently than earlier types of deception. The kind of deception technology in use now is radically easy to set up, run and manage. Even better, it gives malicious actors massive amounts of fake data that look real to them – so real that they can deceive the most seasoned cybercriminal.

What’s more, a deception solution’s automation now drives the constant updates and refreshes that ensure deception authenticity, with less than 10 man-hours per month needed to manage a platform supporting hundreds of thousands of endpoints.

Misconception #2: Deception is only for large, mature organizations

Truth: On the contrary, for smaller IT teams that lack the budget or staff to implement more complex tools, deception is especially applicable. Many smaller shops are benefiting from deception’s improved visibility and are getting better at defending the soft middle of their internal attack surface. Deception has proven to be versatile and industry-agnostic. A recent report from Gartner noted that deception technology offers “easy to deploy, deterministic and effective threat detection capabilities for enterprises of all sizes.”

An additional point in favor of distributed deceptions is that the technology automates them in alignment with the information that a bad actor would expect to see on a particular endpoint. This means they can be tailored to the specific enterprise, sector and company size – including smaller organizations.

Misconception #3: Deception is useful for threat intelligence, not detection

Truth: Deception shows very little resemblance to the honeypots of old. This modern technology is of much greater value and versatility in a variety of use cases. The older honeypot deceptions, true to their name, tried to attract attackers with the sweet smell of data and then get them “stuck” so researchers could examine their behavior in the late stage of an attack. Today’s deceptions rest at the endpoint for bad actors to come upon at the beginning of an attack. The second they contact a deception, the system sends out an alert that shows precisely what an attacker is trying to do and where. In an interesting twist, distributed deception has become the quickest and most effective method for finding and stopping the movement of malicious actors.

Misconception #4: Deception should be the last thing you implement

Truth: Threat detection becomes a simple, automated, deterministic approach when modern deception technology reduces anomalies to a binary choice. The system operates unseen, with no effect on legitimate users while creating an environment hostile to attackers. No wonder that shops with limited staff have quickly come to appreciate the combination of peace of mind and high efficiency delivered by deception platforms. Deception isn’t a last-ditch effort or the last thing to layer on an already complex stack. Rather, the technology offers such value that it should be considered an essential component of any well-architected security strategy.

Straightforward Security

Between the marketing hyperbole and the extreme and immediate need for strong cybersecurity, organizations can have a hard time figuring out whether any particular security product or service is really going to be effective at catching attackers before they reach critical data. Once you clear away the misconceptions and know the truth about deception technology, though, you can rest a bit easier knowing that real-time detection is possible without all the expense, inaccuracy and complexity of other methods.