Dear readers, please treat this post as a form of analyst psychotherapy! As we are entering our 4th month of deception research (with one deception paper out already and one more under development), this question is the proboscidean in the room.
Frankly, we are afraid to ask this question aloud: Will threat deception fizzle again?
OK, we security old-timers (did I really say that?) remember the glorious rise of threat deception … in 1999. ManTrap, CyberCop Sting, SPECTER and other products represented a golden age of the honeypot. The Honeynet Project launched in 1999 as well (I joined in 2002). Lots of excitement was there! A few great books came out.
And then … several years later (say, by 2004), all gone, turned to dust, products dead, concepts forgotten, hopes dashed. “Deception winter” lasted until about 2014 … 10 cold years.
As I write this in 2019, deception is a healthy – if small – security market. Our upcoming comparison focuses on six vendors that we see in customer inquiry (why?). Vendors report decent deal flow, happy customers, and show evidence of technology that works. Some even report seeing deception budgets at some clients.
However, and here is where the elephant becomes visible, the question remains: will deception stay this time or go again? Frankly, I can justify either position, and with passion. Hence, this post.
Will deception occupy a permanent spot in our security arsenal … or become a fad that died again?
Arguments for stay?
Arguments for go?
Posts related to deception research:
- Our Updated “Applying Deception Technologies and Techniques to Improve Threat Detection and Response” (2019) Publishes
- Deception vs Analytics, or Can Analytics Catch True Unknown Unknowns?
- APT-Ready? Better Threat Detection vs Detecting “Better” Threats?
- Better Data or Better Algorithms?
- Tricky: Building a Business Case for A Deception Tool?
- It Is Happening: We Are Starting Our Deception Research!
- “Deception as Detection” or Give Deception a Chance?