Deception Techniques “Can be” and “Are” Being Used in Other Security Solutions
In my earlier Emerging Technology note on deception (see “Emerging Technology Analysis: Deception Techniques and Technologies Create Security Technology Business Opportunities”), I called out that there’s a broad-based opportunity for providers of prevention and detection technologies to apply the principles of deception in their products. Several providers are now using and building deception capabilities into their products, and we expect this to continue. Essentially, deception is a new strategy that security programs can use for both detection and response. Is deception a panacea? Absolutely not, but it is a far, far underutilized technique that can provide serious security advantages against attackers, especially for those that are more advanced.
Deception Products Reach Market Viability!
I also profiled the competitive landscape of a market of deception products that I call “Distributed Deception Platforms” in research titled “Competitive Landscape: Distributed Deception Platforms, 2016”, where I’ve explained that these solutions are now market-viable. One important thing to point out here is that these solutions are an emerging technology. That means not everyone has already bought it, nor would we expect them to have, since this market is just emerging. I’ve talked to customer references that have been deploying Distributed Deception Platforms (DDP), and so far, these organizations were convinced that it was an integral part of their overall security program. The fact that the DDP technology is now market-viable is why clients are becoming interested in leveraging deception in their security programs.
Building a Business Case for Deception
In recent blogs, Anton and Augusto call out the additional business justifications for having deception technology that providers should be focusing on to achieve higher adoption (see Building a business case for deception). In that blog post, it’s pretty clear that deception technology has other value beyond just “better threat detection” and “better (high quality) alerts” that many providers have focused on. Clients should be using these things to justify budgets for deception-oriented solutions. In all seriousness, some organizations don’t properly appreciate that deception techniques can be used in their security program to thwart attackers just as much as detect them. This should change, and I think this movement has already begun.
Personally, I am very excited to see the emerging research of both Anton and Augusto. Augusto, I might add, invented the term “honeytoken”.