The first question that many folks ask about using deceptions in their security programs is, can’t a deception be easily detected? The answer is yes but also no. In fact, this is really the core reason the technique is so effective in detecting and misdirecting attackers in an enterprise environment. Recently, I did a webinar for CISO clients at Gartner and I used the following slide and asked everyone on the phone to tell me which of the examples was the deception – I got crickets!
Can you answer the question below? (Scroll to the bottom to see the answer)
The Answer: Neither example is a deception. Now you know the entire point of using deception. The attacker must trust what they see. But before they have a chance to guess, they get detected!