Riding the Deception Wave

Consider deception as a defense strategy against attackers.

Imagine that once malware is detected in an end user’s environment, the user’s systems had the ability to begin to lie to the attacker at the other end of the command-and-control console, to the malware itself on the infected endpoint, or both. Rather than just batting the attacker away, you’d effectively be playing it at its own game.

Deception technologies are defined by the use of deceits and/or tricks designed to thwart, or throw off, an attacker’s cognitive processes, disrupt an attacker’s automation tools, delay an attacker’s activities or disrupt breach progression. Deception in this context is used as a technique for defensive or disruptive purposes, and is not offensive in nature.

These capabilities are now becoming a reality, according to Lawrence Pingree, research director at Gartner. “Deception techniques, such as honeypots, are not a new concept in security; however, new techniques and capabilities promise to deliver game-changing impact on how threats are faced,” says Pingree. “Today’s honeypot has evolved toward greater automation, and offers enterprise-class features and operations capabilities.”

A deception wave is imminent

For the past 20 years, most active security control responses built into network security products have remained fairly constant, offering only a limited number of response actions, such as log, reject, drop and quarantine. These response actions have seen very little innovation or evolution beyond these simpler automated response concepts. Although these responses are effective at both detecting and blocking individual attacker attempts, responses such as reject and drop are widely visible to a skilled adversary and allow an attacker to rapidly identify when they have been detected. These basic defensive actions must evolve so that a strong hold against the attacker can be maintained.

Why leverage deception?

By 2018, Gartner predicts that 10% of enterprises will use deception tools and tactics, and actively participate in deception operations against attackers.

More forward-thinking organizations should leverage deception in-depth as a new strategy for comprehensive threat defense against the onslaught of advanced attackers and attack techniques. This is especially true of larger organizations under constant threat — for example, those in the financial services, healthcare, government and software verticals.

Intelligence-led deceptions are crucial to disrupting the attacker

Threat intelligence sharing continues to provide significant improvement in security for many organizations. This threat intelligence data could lead us toward intelligence-led deceptions, where a threat actor that is known to originate from a certain location, or to use a certain pattern of engagement, can be led astray rather than given access to sensitive systems, applications and data types.

This tactic can enable threat management teams to assert more active control over an attacker and its activities throughout the enterprise environment, and allow organizations to track and share even greater intelligence on threat actors. After all, the most critical reason to use deception is to delay an attacker and force it to spend more time, causing it economic harm while it tries to figure out what is real and what is not, and whether to proceed.
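
As an added illustration (not code from Gartner or any product), the sketch below shows an intelligence-led response decision: a session that matches threat intelligence on source network or on pattern of engagement is diverted to a decoy instead of being rejected or dropped. The intel entries, backend names and request paths are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed threat-intel feed: documentation address ranges (RFC 5737)
# and a made-up engagement pattern, not real indicators.
INTEL_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
INTEL_PATTERNS = [("/admin", "/backup", "/export")]  # ordered request sequence

DECOY_POOL = "decoy-pool-a"     # hypothetical decoy service name
PRODUCTION_POOL = "production"  # hypothetical real backend name


@dataclass
class Session:
    src_ip: str
    requests: list  # request paths seen so far, in order


def matches_pattern(requests, pattern):
    """True if `pattern` occurs in `requests` as an ordered subsequence."""
    it = iter(requests)
    return all(step in it for step in pattern)


def choose_response(session):
    """Return (action, backend, reasons) for one session.

    An intel match diverts the session to the decoy pool rather than
    rejecting or dropping it, so the sender still gets a normal-looking
    answer while defenders keep logging the session. Sessions with no
    match are routed to production.
    """
    reasons = []
    addr = ipaddress.ip_address(session.src_ip)
    if any(addr in net for net in INTEL_NETWORKS):
        reasons.append("source-network")
    if any(matches_pattern(session.requests, p) for p in INTEL_PATTERNS):
        reasons.append("engagement-pattern")
    if reasons:
        return ("divert", DECOY_POOL, reasons)
    return ("allow", PRODUCTION_POOL, reasons)


if __name__ == "__main__":
    sample = [  # constructed sessions
        Session("198.51.100.7", ["/", "/login"]),
        Session("203.0.113.40", ["/"]),
        Session("192.0.2.9", ["/admin", "/x", "/backup", "/export"]),
    ]
    for s in sample:
        print(s.src_ip, choose_response(s))
```

The returned reasons give the threat management team a record of which intelligence triggered each diversion.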
