As my esteemed and fast-fingered colleague has already noted, our deception paper has published. World, please behold the 38 page awesomeness of “Applying Deception Technologies and Techniques to Improve Threat Detection and Response” [Gartner GTP access required]! The abstract states “Deception is a viable option to improve threat detection and response capabilities. Technical professionals focused on security should evaluate deception as a “low-friction” method to detect lateral threat movement, and as an alternative or a complement to other detection technologies.”
While Augusto has provided some quotes, here are more:
- “Improved detection capabilities are the main motivation of those who adopt deception technologies. Most [of those interviewed – A.C.] have no motivation to actively engage with attackers, and cut access or interaction as soon as detection happens.”
- “While tailoring lures to the environment increases the chances of detecting attacks, certain lures may cause users without malicious intent to accidentally touch the decoys.” <- so, many want NO false alarms, but really get LOW false alarms…
- “Testing detection tools is hard. Testing detection tools that seek to find advanced and, hence, rare threats is even harder. However, testing deception tools often takes the prize for being the hardest.”
- “Unlike with other security controls, the question of whether to inform the rest of the information security and IT team does come up with deception. Deception controls are sometimes deployed by a small team that keeps some details, such as the precise nature of lures and the locations of decoys, to itself.”
- “Are these technologies effective? At this time, the fact base Gartner collected from production deployments points to a […]” (read the paper to find out; sorry for my bad joke here!)
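As an added illustration (not code from the post or the paper) of the detection-versus-false-alarm tension in the quotes above: a small Python detector that flags touches of decoy hosts and decoy accounts in constructed authentication log lines, suppresses the deception team's and an authorised scanner's own addresses so they do not page anyone, and rates a browsed decoy share below a replayed decoy credential. All hosts, accounts, addresses and the log format are hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed decoy inventory (hypothetical names). These assets exist only as
# lures, so no legitimate workflow should authenticate to them or with them.
DECOY_HOSTS = {"fs-backup-02"}
DECOY_ACCOUNTS = {"svc_sqlbackup"}

# Sources allowed to touch decoys silently: the deception team's verification
# host and an authorised vulnerability scanner. Keeping this list short is what
# keeps the control low-friction instead of paging on every scheduled scan.
AUTHORISED_SOURCES = {"10.0.9.5", "10.0.9.6"}
LOG_RE = re.compile(r"^(?P<ts>\S+) auth src=(?P<src>\S+) user=(?P<user>\S+) "
                    r"target=(?P<target>\S+) result=(?P<result>\S+)$")

@dataclass(frozen=True)
class Alert:
    ts: str
    src: str
    severity: str  # "high": decoy credential used; "medium": decoy host touched
    reason: str

def detect_decoy_touches(lines):
    """Return an Alert for each decoy interaction from a non-authorised source."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unrelated or malformed line
        ev = m.groupdict()
        if ev["src"] in AUTHORISED_SOURCES:
            continue  # known-benign touch, suppressed rather than alerted
        if ev["user"] in DECOY_ACCOUNTS:
            # Nobody legitimate knows this credential, so any attempt, even a
            # failed one, means the lure was harvested and replayed.
            alerts.append(Alert(ev["ts"], ev["src"], "high",
                                f"decoy account {ev['user']} used against {ev['target']}"))
        elif ev["target"] in DECOY_HOSTS:
            # A share can be browsed by accident, so rate this lower and let an
            # analyst confirm before cutting the source's access.
            alerts.append(Alert(ev["ts"], ev["src"], "medium",
                                f"decoy host {ev['target']} accessed by {ev['user']}"))
    return alerts

# Constructed sample log lines (hypothetical hosts, users and addresses).
SAMPLE_LOG = [
    "2024-05-01T09:00:01Z auth src=10.0.9.5 user=scanner target=fs-backup-02 result=ok",
    "2024-05-01T09:12:44Z auth src=10.0.31.7 user=jdoe target=fs-backup-02 result=ok",
    "2024-05-01T09:13:02Z auth src=10.0.31.7 user=svc_sqlbackup target=db-prod-01 result=fail",
    "2024-05-01T09:15:10Z auth src=10.0.31.8 user=asmith target=fileserver-01 result=ok",
]
```

Run over the sample, the scanner's touch is suppressed, the workstation browsing the decoy share produces one medium alert, and the same workstation replaying the decoy account produces one high alert.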
P.S. I suspect there may be a vendor or two who will say that “we are just not excited enough about deception.” Frankly, given the facts we possess, the paper shows an incredible amount of excitement about threat deception. In other words, if you don’t think we bring the good news, we assure you – what we bring is in fact good news 🙂
Blog posts related to the deception research topic:
- APT-Ready? Better Threat Detection vs Detecting “Better” Threats?
- Better Data or Better Algorithms?
- Tricky: Building a Business Case for A Deception Tool?
- It Is Happening: We Are Starting Our Deception Research!
- “Deception as Detection” or Give Deception a Chance?
Other blog posts announcing paper publications:
- Our “How to Plan, Design, Operate and Evolve a SOC” Paper Is Published
- Our “Comparison of Endpoint Detection and Response Technologies and Solutions” Paper Publishes
- Our Paper “Endpoint Detection and Response Tool Architecture and Operations Practices” Publishes
- Our “Understanding Insider Threats” Paper Publishes
- Our New Paper on Security Monitoring Use Cases Publishes
- Our 2016 SIEM Papers Are Out!
The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.
Congratulations Anton and Augusto, this is a great accomplishment and it’s great for the security community to see where Deception is heading.
This was a great research project to participate in, not only allowing us to provide input, but your interest in working with our customer references to help with this mission was a refreshing approach.
I am not sure why any vendors would believe that you are not excited about deception; I find the total opposite. The amount of effort Gartner has shown in terms of research and engagement with us and our customers highlights a level of excitement I have not seen for a while.
This helps prove that Deception is more than vendor buzz: it is real customer interest and an evolving market, which you and your team have shown.
Thanks again, and we look forward to working on more projects like this with you and the Gartner team.
Thanks a lot for the comment. Indeed, this was very exciting to write and (despite some of our initial skepticism re: nice to have) we have seen solid use cases for deception tech.
Again, thanks a lot for your help with customers.