Gartner Blog Network


It Is Happening: We Are Starting Our Deception Research!

by Anton Chuvakin  |  September 16, 2016  |  15 Comments

As my illustrious colleague mentioned, we are starting a new research project, one we wanted to run for a while, about DECEPTION. While there is already Gartner research on the topic (this and this), we at Gartner GTP will approach this from an end-user perspective, as always.

So, in the next few weeks we will be running around asking questions such as:

  1. Why did you decide to employ deception and/or deploy deception tools?
  2. What helped you prioritize deception over other security technologies?
  3. What is/are your current use cases with deception technology?
  4. How did you test the tools?
  5. How do your daily operational practices around deception look like?
  6. What security processes and practices are affected by your use of deception?
  7. Any challenges with adopting deception tools in your organization?

Finally, a call to action! If you recently deployed deception tools, please let us know. Example vendors include TrapX Security, Attivo Networks, Illusive Networks and Cymmetria. If you are a vendor who somehow failed to brief us on your deception approaches, you know what to do.

Our related blog posts on deception:

Category: deception  security  

Anton Chuvakin
Research VP
5+ years with Gartner
16 years IT industry

Anton Chuvakin is a research VP at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist… Read Full Bio


Thoughts on It Is Happening: We Are Starting Our Deception Research!


  1. Dear vendors! Before you comment on this by saying “WHY ARE WE NOT AN EXAMPLE TOO!!!???”, let me answer: we listed 4 vendors that we hear about most often. That’s it.

  2. Exciting news! We look forward to helping support your research and have several customers and videos that can help with answers to your questions. Just say the word and we will make the connections.

  3. Andre Gironda says:

    Endgame, Acalvio, and Thinkst absolutely deserve mention.

    Most-often is the worst kind of often. You should try being thorough — it’s a much-more-often approach.

    • Thanks for the comment!

      Acalvio and Thinkst [and a few others] are on our “deception list” for sure. Why Endgame? I spoke with them recently and detected to connection to deception tech of any kind…. So, was I deceived? :-)

  4. Andre Gironda says:

    One more point to add, with another vendor (or perhaps a new subset of vendors):

    Deception consists of showing the fake (the vendors you quoted) and hiding the real. One vendor focused on cloaking is Tempered Networks.

    I think you first need to define what deception is. It’s actually a lot more than the last paragraph from where I’m standing, but the industry and CIOs may not yet be ready for denial and deception, as well as counterdeception — just like you believe that they aren’t ready for deception in general.

    • Absolute re: defining it. This is where we start pretty much any project unless the definition is clear (e.g. SIEM). Given that we started last week; we don’t have any gems to share; but we will definitely share it here first :-)

      As always, thanks a lot for the insights!!

  5. Odbitka says:

    Great news and good questions!

  6. Looking forward to your reviews and information. Coming from the MSSP space we’re evaluating these technologies as well to determine what to include in our service packages. Currently we’re focused on Topspin Security and it would be great to see your research on their technology.

  7. […] It Is Happening: We Are Starting Our Deception Research! […]

  8. Publikacje says:

    Really interesting research.

  9. Nick says:

    Great topic. Look forward to it. What was outcome of the last research cycle re TI / SOC??

    Thanks!

  10. […] [BTW, for those of you who think that any/all deception is expert-resource-heavy, think again! We have solid data on “frictionless deception” – of course NOT vs advanced attackers, but as a better way to […]

  11. […] we are ready to state, given our fact base, that A) can be made easier with deception tools. However, I hope you do realize that B) will […]



Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.