New Research: Deception Technologies!

By Augusto Barros | September 13, 2016 | 2 Comments

honeypots and honeytokens | future | deception technologies

With the work on our upcoming SOC paper and on the TI paper refresh winding down, we are preparing to start some exciting research in our new project: Deception Technologies!

We’ve been blogging about this for some time, but the time to do some structured research on the topic has finally come. Many vendors offer interesting technology based on deception techniques, and we are seeing increased interest in the topic from our clients. Our intent is to write an assessment of the technologies and how organizations are applying them.

An interesting question to ponder is when an organization should adopt deception techniques. I briefly touched on this in my last post about the topic, but I need to expand on it as part of this research. For instance, when should an organization start deploying deception techniques? How should it decide, for example, when to invest in a distributed deception platform (DDP) instead of another security technology? Also, when does it make sense to divert resources and effort from other initiatives to deception? It’s clear that an organization shouldn’t, for example, start deploying a DDP before doing a decent job on vulnerability management. But consider more recent technologies, or things deployed by more mature organizations, such as UBA: does it make sense to do deception before that? How should we answer that question? Those are some of the questions we’ll try to answer with this research.

Of course, the vendors have been very responsible and willing to brief us on their products, but it’s also important for us to see things from the end-user perspective. So, if you are using deception technologies, let us know!

2 Comments

  • Omri Dotan says:

    Dear Augustine,

    I would like to connect you with two companies that use deception on the endpoint. One already uses it and caught APT, the other is in the process. Additionally, I will request a briefing on a deception technology you have not yet seen. It got cool vendor in 2016.

    • Augusto Barros says:

      Omri, please feel free to contact me on augusto.barros at gartner to provide the contact for them. Please schedule the briefing via Vendor Briefings, and please include analyst Anton Chuvakin on your request as well.