Gartner Blog Network


Is deception effective at delaying or detecting an attacker?

by Lawrence Pingree  |  June 30, 2016  |  Comments Off on Is deception effective at delaying or detecting an attacker?

The first question that many folks ask about using deceptions in their security programs is, can’t a deception be easily detected? The answer is yes but also no. IN fact, this is really the core reason the technique is so effective in detecting and misdirecting attackers in an enterprise environment. Recently, I did a webinar for CISO clients at Gartner and I used the following slide and asked everyone on the phone to tell me which of the examples was the deception – I got crickets!

Can you answer the question below? (Scroll to the bottom to see the answer)

deception-example

 

 

 

 

 

 

 

 

 

The Answer: Neither examples are deceptions, now you know the entire point of using deception. The attacker must trust what they see. But before they have a chance to guess, they get detected!

Category: security  

Lawrence Pingree
Research Director
6+ years with Gartner
19 years industry experience

Lawrence Pingree is a Research Director in Gartner's Security Technology and Service provider group. His responsibilities include providing critical insights to both end users and technology providers. He closely tracks the information security markets, technologies, technology and adoption trends, and competitive market dynamics.… Read Full Bio




Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.