It Is Happening: We Are Starting Our Deception Research!

By Anton Chuvakin | September 16, 2016 | 12 Comments

As my illustrious colleague mentioned, we are starting a new research project, one we have wanted to run for a while, about DECEPTION. While there is already Gartner research on the topic (this and this), we at Gartner GTP will approach this from an end-user perspective, as always.

So, in the next few weeks we will be running around asking questions such as:

  1. Why did you decide to employ deception and/or deploy deception tools?
  2. What helped you prioritize deception over other security technologies?
  3. What is/are your current use cases with deception technology?
  4. How did you test the tools?
  5. What do your daily operational practices around deception look like?
  6. What security processes and practices are affected by your use of deception?
  7. Any challenges with adopting deception tools in your organization?

Finally, a call to action! If you recently deployed deception tools, please let us know. Example vendors include TrapX Security, Attivo Networks, Illusive Networks and Cymmetria. If you are a vendor who somehow failed to brief us on your deception approaches, you know what to do.

12 Comments

  • Dear vendors! Before you comment on this by saying “WHY ARE WE NOT AN EXAMPLE TOO!!!???”, let me answer: we listed 4 vendors that we hear about most often. That’s it.

  • Exciting news! We look forward to helping support your research and have several customers and videos that can help with answers to your questions. Just say the word and we will make the connections.

  • Andre Gironda says:

    Endgame, Acalvio, and Thinkst absolutely deserve mention.

    Most-often is the worst kind of often. You should try being thorough — it’s a much-more-often approach.

    • Thanks for the comment!

      Acalvio and Thinkst [and a few others] are on our “deception list” for sure. Why Endgame? I spoke with them recently and detected no connection to deception tech of any kind…. So, was I deceived? 🙂

  • Andre Gironda says:

    One more point to add, with another vendor (or perhaps a new subset of vendors):

    Deception consists of showing the fake (the vendors you quoted) and hiding the real. One vendor focused on cloaking is Tempered Networks.

    I think you first need to define what deception is. It’s actually a lot more than the last paragraph from where I’m standing, but the industry and CIOs may not yet be ready for denial and deception, as well as counterdeception — just like you believe that they aren’t ready for deception in general.

    • Absolutely re: defining it. This is where we start pretty much any project unless the definition is clear (e.g. SIEM). Given that we started last week, we don’t have any gems to share, but we will definitely share it here first 🙂

      As always, thanks a lot for the insights!!

  • Odbitka says:

    Great news and good questions!

  • Looking forward to your reviews and information. Coming from the MSSP space we’re evaluating these technologies as well to determine what to include in our service packages. Currently we’re focused on Topspin Security and it would be great to see your research on their technology.

  • Publikacje says:

    Really interesting research.

  • Nick says:

    Great topic. Look forward to it. What was the outcome of the last research cycle re TI / SOC??

    Thanks!