Gartner Blog Network


Our Updated “Applying Deception Technologies and Techniques to Improve Threat Detection and Response” (2019) Publishes

by Anton Chuvakin  |  February 22, 2019

Esteemed Mr. Barros has beaten me to it this time, but here is my re-re-announcement of our updated “Applying Deception Technologies and Techniques to Improve Threat Detection and Response” (2019) deception paper.

Some of my favorite quotes follow below:

  • “Many organizations report low-friction deployment, management and operation as the primary advantages of deception tools over other detection tools, such as SIEM, UEBA, EDR or NTA.”
  • “Are these technologies effective today at real organizations? At this time, the fact base Gartner collected from production deployments points to a cautiously optimistic “yes,” at least regarding the effectiveness of deception technologies for threat detection.”
  • “Test the effectiveness of deception tools by running a POC or a pilot on a production environment. Utilize breach and attack simulation tools, or perform a quality penetration test without informing the testers about the deceptions in place.” [A.C. – overall deception appears to be more challenging to test than other detection and response technologies]
  • “Detecting advanced threats requires not only building and operating more credible deception, but also ensuring that the deception does not impact real-world scenarios. […] Suppose an organization creates highly credible documents about a fake merger or acquisition. The impact from that information being stolen and believed could be as damaging as a compromise to real data.”
  • “Vendors describe deception as having “no false alarms.” In reality, lures and decoys may occasionally lead to false alarms in some environments.” [A.C. – well-hidden lures aimed at advanced attackers may well have near-zero FP rates]
  • “Based on the research conducted from 2016 to 2019, most organizations, including some of those that employ deceptions, consider deception as “nice to have.” However, for others, deception has become an essential part of their security architecture, and they view it as “a must have” component of their defense-in-depth strategy.”

Augusto also has some of the visuals here.

As always, PLEASE PROVIDE YOUR FEEDBACK to the paper via http://surveys.gartner.com/s/gtppaperfeedback




