Riding the Deception Wave

Consider deception as a defense strategy against attackers.

Imagine that once malware is detected in an end user’s environment, the user’s systems had the ability to begin to lie to the attacker at the other end of the command-and-control console, to the malware itself on the infected endpoint, or both. Rather than just batting the attacker away, you’d effectively be playing it at its own game.

Deception technologies are defined by the use of deceits and/or tricks designed to thwart, or throw off, an attacker’s cognitive processes, disrupt an attacker’s automation tools, delay an attacker’s activities or disrupt breach progression. Deception in this context is used as a technique for defensive or disruptive purposes, and is not offensive in nature.

These capabilities are now becoming a reality, according to Lawrence Pingree, research director at Gartner. “Deception techniques, such as honeypots, are not a new concept in security; however, new techniques and capabilities promise to deliver game-changing impact on how threats are faced,” says Pingree. “Today’s honeypot has evolved toward greater automation, and offers enterprise-class features and operations capabilities.”

A deception wave is imminent

For the past 20 years, most active security control responses built into network security products have remained fairly constant, offering only a limited number of response actions, such as log, reject, drop and quarantine. These response actions have seen very little innovation or evolution beyond these simple automated response concepts. Although these responses are effective at both detecting and blocking individual attacker attempts, responses such as reject and drop are widely visible to a skilled adversary and allow an attacker to rapidly identify when they are detected. These basic defensive actions must evolve so that a strong hold against the attacker can be maintained.

Why leverage deception?

By 2018, Gartner predicts that 10% of enterprises will use deception tools and tactics, and actively participate in deception operations against attackers.

More forward-thinking organizations should leverage deception in-depth as a new strategy for comprehensive threat defense against the onslaught of advanced attackers and attack techniques. This is especially true of larger organizations under constant threat — for example, those in the financial services, healthcare, government and software verticals.

Intelligence-led deceptions are crucial to disrupting the attacker

Threat intelligence sharing continues to provide significant improvement in security for many organizations. This threat intelligence data could lead us toward intelligence-led deceptions, where a threat actor that is known to originate from a certain location, or that uses a certain pattern of engagement, can be led astray rather than given access to sensitive systems, applications and data types.

This tactic can enable threat management teams to assert more active control over an attacker and its activities throughout the enterprise environment, and allow organizations to track and share even greater intelligence on threat actors. After all, the most critical reason to use deception is to delay an attacker and force it to spend more time, causing it economic harm while it tries to figure out what is real and what is not, and whether to proceed.
