Cyber deception is one of the most capable and powerful approaches the computer security industry has seen, perhaps ever. It brings with it a wide range of benefits, all of which not only reinforce each other, but reinforce and are reinforced by the use of traditional security technologies. This is not only the greatest strength of cyber deception, but also its greatest weakness. Many security technologies can be explained very simply. It takes only a sentence or two to describe the benefits of firewalls, EDR, SIEM, or DLP solutions. Attempting to describe the benefits of cyber deception in a few words is difficult, if not impossible. This is because cyber deception is a strategy rather than a technology just as “zero trust” is a strategy, not a specific technology. In both cases, technology facilitates the strategy but is not the strategy itself. Being unable to succinctly define a single value proposition for cyber deception makes it a difficult concept to grasp, at least initially.
While deception as a strategy is hard to boil down to a single sentence, it does bring an unparalleled set of benefits including:
There are few, if any other security strategies that can provide such a compelling array of benefits. The ability to achieve all of these goals is enhanced by the fact that you do not need to do so. Organizations new to deception could focus only on attack detection. As they mature, they can expand to the collection of threat intelligence, and eventually, active attacker engagement. Other than selecting one deception technology vendor over another, there are few decisions that leave you unable to adjust your goals as your needs change. You can use deception for one thing today, another tomorrow, and both things the day after tomorrow.
Cyber deception is not new. The technology, starting with the work put out by the Honeynet Project in 1999 and the emergence of virtualization around the same time, has been around for decades. The concepts have been written about for nearly 2,500 years. Use of cyber deception is not an experiment, but is instead, a focused implementation of technology that is decades old combined with millennia old concepts. Cyber deception has been proven to work and should be, at least, on the radar of every organization serious about the effectiveness of their security program.
If you want to learn more about cyber deception stay tuned for upcoming insights about Breakout Time, Breach Costs and SOC inefficiencies or why cyber deception is The Deceptively Simple Solution.
Image provided by Canva.com