Deception
Also known as:
- Honeypots
- Canary tokens
What problem does it target?
Deception technologies and honeypots address the challenge of detecting and analyzing attackers who have bypassed perimeter defenses. They provide early warning and intelligence by luring adversaries into controlled environments.
What does this solution do?
These solutions:
- Deploy decoy systems, files, and credentials to attract attackers
- Detect lateral movement and unauthorized access
- Gather intelligence on attacker techniques
- Delay or disrupt adversaries
- Integrate with SIEM and incident response workflows
Who is this for?
- Organizations seeking early breach detection
- Security teams interested in threat research
- Enterprises with high-value assets
Who might not benefit from this?
- Small businesses with limited security resources
- Teams unable to monitor or respond to deception alerts
Pitfalls and remedies
| Pitfall | Remedy |
|---|---|
| False positives from legitimate users | Clearly segment and document decoys |
| Lack of response to detected activity | Integrate with automated alerting and response |
| Maintenance overhead | Use managed deception platforms or automate deployment |
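An added example (not from the original page or any product listed here) of the first two remedies working together: a documented decoy inventory drives alerting on authentication events, and touches from documented, approved sources are suppressed rather than raised. The account names, addresses, field names and the JSON-lines event format are all assumptions constructed for illustration.

```python
import json

# Constructed decoy inventory: documented owner plus sources approved to touch each decoy.
DECOYS = {
    "svc-backup-adm": {"owner": "secops", "approved_sources": {"10.0.5.10"}},
    "sql-report-ro": {"owner": "secops", "approved_sources": set()},
}

# Constructed authentication events in a hypothetical JSON-lines format.
SAMPLE_EVENTS = """\
{"ts": "2024-05-01T09:00:01Z", "user": "alice", "src": "10.0.1.23", "host": "fs01", "result": "success"}
{"ts": "2024-05-01T09:02:10Z", "user": "svc-backup-adm", "src": "10.0.5.10", "host": "fs01", "result": "failure"}
{"ts": "2024-05-01T09:05:44Z", "user": "svc-backup-adm", "src": "10.0.1.77", "host": "fs01", "result": "failure"}
{"ts": "2024-05-01T09:05:59Z", "user": "SQL-Report-RO", "src": "10.0.1.77", "host": "db02", "result": "failure"}
not-json garbage line
"""


def detect_decoy_use(lines, decoys=DECOYS):
    """Return (alerts, suppressed) for events that name a decoy account."""
    alerts, suppressed = [], []
    for raw in lines:
        try:
            event = json.loads(raw)
            # Match account names case-insensitively; normalise the source to a string.
            user, src = str(event["user"]).lower(), str(event.get("src"))
        except (ValueError, TypeError, KeyError):
            continue  # skip malformed lines instead of aborting the run
        decoy = decoys.get(user)
        if decoy is None:
            continue  # real account: out of scope for this check
        record = {"ts": event.get("ts"), "decoy": user, "src": src,
                  "host": event.get("host"), "owner": decoy["owner"]}
        if src in decoy["approved_sources"]:
            suppressed.append(record)  # documented touch, kept for audit
        else:
            alerts.append(record)  # decoy use is high-signal even on failed logins
    return alerts, suppressed


def correlate_by_source(alerts):
    """Group alerts by source so one host touching several decoys stands out."""
    by_src = {}
    for alert in alerts:
        by_src.setdefault(alert["src"], set()).add(alert["decoy"])
    return by_src

if __name__ == "__main__":
    found, _ = detect_decoy_use(SAMPLE_EVENTS.splitlines())
    print(json.dumps(found, indent=2))
```

The alert records are plain dictionaries, so they can be forwarded to a SIEM as JSON; the suppressed list gives an audit trail of approved touches.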
Sample products
- Attivo Networks (SentinelOne)
- Illusive Networks
- Cymmetria
- TrapX Security
- Thinkst Canary