Gartner Blog Network


New Research: Deception Technologies!

by Augusto Barros  |  September 13, 2016  |  7 Comments

With the work on our upcoming SOC paper and on the TI paper refresh winding down, we are preparing to start some exciting research in our new project: Deception Technologies!

We’ve been blogging about this for some time, but the time to do some structured on the topic has finally come. There are many vendors offering some interesting technology based on deception techniques, and we can see some increased interest from our clients on the topic. Our intent is to write an assessment about the technologies and how they are being applied by organizations.

An interesting question to ponder on is about when an organization should adopt deception techniques. I briefly touched this on my last post about the topic, but I need to expand on that as part of this research. For instance, when an organization should start deploying deception techniques? How to decide, for example, when to invest in a distributed deception platform (DDP) instead of in another security technology? Also, when does it make sense to divert resources and effort to deception from other initiatives? It’s clear that an organization shouldn’t, for example, start deploying a DDP before doing a decent job on vulnerability management; but when you consider more recent technologies or things deployed by more mature organizations, such as UBA: Does it make sense to do deception before that? How should we answer that question? Those are some of the questions we’ll try to answer with this research.

Of course, the vendors have been very responsible and willing to brief us on their products, but it’s also important for us to see things from the end user perspective. So, if you are using deception technologies, let us know!

Category: deception-technologies  future  honeypots-and-honeytokens  

Tags: deception  honeypots  honeytokens  new-research  research  

Augusto Barros
Research Director
1 years at Gartner
19 years IT Industry

Augusto Barros is Research Director in the Gartner for Technical Professionals (GTP) Security and Risk Management group. Read Full Bio


Thoughts on New Research: Deception Technologies!


  1. […] my illustrious colleague mentioned, we are starting a new research project, one we wanted to run for a while, about DECEPTION. While […]

  2. […] we’ve been working on our deception technologies research (have we mentioned we want to hear YOUR story about how YOU are using those?) and one of the things […]

  3. […] I am very excited to see the emerging research of both Anton and Augusto – whom I might add invented the term […]

  4. […] One of the things we are also covering as part of our research on deception technologies is the inclusion of deception techniques as features in other security products. There are many solutions that could benefit from honeypots and honeytokens to increase their effectiveness: SIEM, UEBA, EDR, WAF, and others. We’ve been tracking a few cases where vendors added those features to their products and you can expect to see a few examples in our upcoming research. […]

  5. Omri Dotan says:

    Dear Augustine,

    I would like to connect you with two companies that use deception on the endpoint. One already uses it and caught APT, the other is in the process. Additionally I will request a briefing in a deception technology you have not yet seen. It got cool vendor in 2016.

    • Augusto Barros says:

      Omri, please feel free to contact me on augusto.barros at gartner to provide the contact for them. Please schedule the briefing via Vendor Briefings, please include analyst Anton Chuvakin as well on your request.



Leave a Reply

Your email address will not be published. Required fields are marked *

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.