Industry research and advisory firm Gartner has been tracking deception technology for a while now. Research Director Lawrence Pingree wrote about it in 2015. Now, Gartner identifies deception as a top security technology for 2016 in a list it has released.
The research firm just released its list of the ‘Top 10 Technologies for Information Security in 2016’, and deception technology is one of the technologies it recommends. Here’s what they have to say:
Deception technologies are defined by the use of deceits and/or tricks designed to thwart, or throw off, an attacker’s cognitive processes, disrupt an attacker’s automation tools, delay an attacker’s activities or disrupt breach progression. Deception technologies are emerging for network, application, endpoint and data, with the best systems combining multiple techniques. By 2018, Gartner predicts that 10 percent of enterprises will use deception tools and tactics, and actively participate in deception operations against attackers.
The other technologies that made the list are:
- Cloud Access Security Brokers
- Endpoint Detection and Response
- Nonsignature Approaches for Endpoint Prevention
- User and Entity Behavioral Analytics
- Microsegmentation and Flow Visibility
- Security Testing for DevOps (DevSecOps)
- Intelligence-Driven Security Operations Center Orchestration Solutions
- Remote Browser
- Pervasive Trust Services
The growing interest in deception platforms is a result of the realisation that legacy detection systems are too focused on the ever-changing tools of the attacker, and do not deploy defences that are unique from organisation to organisation. As a result, attackers can easily modify their tools to evade these static defences. The evidence is the number of high-profile breaches that have succeeded in spite of antivirus, SIEM, sandboxing and other traditional defences being in place.
Deception technology is now in its 3rd generation. If you want to learn about how it offers greatly improved cross kill-chain threat detection along with response mechanisms, read this blog post.