Gartner Blog Network


Our “Applying Deception Technologies and Techniques to Improve Threat Detection and Response” Paper is Published

by Anton Chuvakin  |  November 21, 2016

As my esteemed and fast-fingered colleague has already noted, our deception paper has been published. World, please behold the 38-page awesomeness of “Applying Deception Technologies and Techniques to Improve Threat Detection and Response” [Gartner GTP access required]! The abstract states: “Deception is a viable option to improve threat detection and response capabilities. Technical professionals focused on security should evaluate deception as a ‘low-friction’ method to detect lateral threat movement, and as an alternative or a complement to other detection technologies.”

While Augusto has provided some quotes, here are more:

  • “Improved detection capabilities are the main motivation of those who adopt deception technologies. Most [of those interviewed – A.C.] have no motivation to actively engage with attackers, and cut access or interaction as soon as detection happens.”
  • “While tailoring lures to the environment increases the chances of detecting attacks, certain lures may cause users without malicious intent to accidentally touch the decoys.” <- so, many want NO false alarms, but really get LOW false alarms…
  • “Testing detection tools is hard. Testing detection tools that seek to find advanced and, hence, rare threats is even harder. However, testing deception tools often takes the prize for being the hardest.”
  • “Unlike with other security controls, the question of whether to inform the rest of the information security and IT team does come up with deception. Deception controls are sometimes deployed by a small team that keeps some details, such as the precise nature of lures and the locations of decoys, to itself.”
  • “Are these technologies effective? At this time, the fact base Gartner collected from production deployments points to a […]” (read the paper to find out; sorry for my bad joke here!)

Enjoy!

P.S. I suspect there may be a vendor or two who will say that “we are just not excited enough about deception.” Frankly, given the facts we possess, the paper shows an incredible amount of excitement about threat deception. In other words, if you don’t think we bring the good news, we assure you – what we bring is in fact good news :-)



Thoughts on Our “Applying Deception Technologies and Techniques to Improve Threat Detection and Response” Paper is Published


  1. Congratulations Anton and Augusto, this is a great accomplishment and it’s great for the security community to see where Deception is heading.

    This was a great research project to participate in, not only allowing us to provide input, but your interest in working with our customer references to help with this mission was a refreshing approach.

    I am not sure why any vendors would believe that you are not excited about deception; I find the total opposite. The amount of effort Gartner has shown in terms of research and engagement with us and our customers highlights the level of excitement I have not seen for a while.

    This helps prove that Deception is more than vendor buzz, but real customer interest, and an evolving market, which you and your team have shown.

    Thanks again, and we look forward to working on more projects like this with you and the Gartner team.

    • Thanks a lot for the comment. Indeed, this was very exciting to write and (despite some of our initial skepticism re: nice to have) we have seen solid use cases for deception tech.

      Again, thanks a lot for your help with customers.
