September 2, 2015 By Jaikumar Vijayan 3 min read

Emerging deception tools and techniques, such as next-generation honeypots and decoy systems, could have a game-changing impact on enterprise security strategies. That’s according to a new Gartner report titled “Emerging Technology Analysis: Deception Techniques and Technologies Create Security Technology Business Opportunities,” which examined the potential for organizations to use deception as a strategy for thwarting attackers and making it costlier for them to engage in threat campaigns.

Next-Generation Tools

According to Gartner, a new generation of distributed decoy technologies that employ deception as a way to misdirect intruders and disrupt their activities at multiple points along the attack chain are becoming available.

Enterprises should consider implementing such deception as an automated response capability because it represents a sea change in the future of enterprise security, wrote Lawrence Pingree, Gartner analyst and author of the report.

Ideally, the goal should be to implement a capability so that when an intrusion is detected, the threat actors and compromised systems are automatically isolated into a “network deception zone,” Pingree said in the report. They should be “provided with what is equivalent to a hall of mirrors, in which everything looks real, and everything looks fake,” he wrote.

Delay and Deflect

The effort should be to delay attackers and force them to spend more time and effort figuring out what is real and whether to proceed with an attack. Several existing security tools offer deception capabilities or can be relatively easily tweaked to provide a disruptive deception capability, Pingree said in the report.

Examples of specialized distributed decoy tools include those from vendors like Attivo Networks, TrapX, Cymmetria and GuardiCore. Tools from these vendors specialize in deceiving attackers into seeing things that are not there on the network or luring them into believing they have accomplished a task when they have not. Some tools, for instance, create fake systems and network components that look and act exactly like real assets.

Existing Tools for Enterprise Security

Deception can be implemented with existing tools, as well. For example, firewalls with blacklists, intrusion prevention, URL filtering and similar capabilities can be set to transport connections from known malicious hosts to network emulation services or to deception decoy services within the enterprise network.

Standalone intrusion prevention appliances from vendors like IBM, Cisco, HP and Intel can similarly be leveraged to implement deceptive measures at the network protocol layer. Even basic measures like TCP tarpits — where a device responds appropriately to a TCP handshake request but never opens a connection — continues to be an effective response to mass TCP port scans.

Similarly, endpoint protection and endpoint detection and response tools can be leveraged to implement deception at the malware host layer, Pingree said. For example, an unknown binary could be deceived into believing it is operating within a virtual environment, or it could be forced to go dormant by emulating processes that look like several versions of antivirus are running on the host.

Attack Chain

Deception technologies and techniques can be deployed along the entire attack chain, Pingree said. During the reconnaissance stage when an attacker might be scouting the network, deception can be used to provide the attacker with false information on the topography and the assets on the network.

Similarly, during the weaponization stage, when an attacker is figuring out what tools to use in an attack, deception can be used to delay the attacker’s tool selection process, the report noted. Suspicious software could be forced to run for longer periods of time in a sandbox environment, or false information pertaining to the operating system and application could be fed to it. Deceptions can similarly be employed at the malware delivery, installation and exploit stages.

By 2018, expect to see 10 percent of all enterprises use such techniques, the report predicted. Factors that could inhibit adoption include fear of false alerts and deception believability. But should vendors continue to develop these tools and organizations evolve their security strategies, enterprise security can be in a better position to protect against attacks.

More from

Regulatory harmonization in OT-critical infrastructure faces hurdles

3 min read - In an effort to enhance cyber resilience across critical infrastructure, the Office of the National Cyber Director (ONCD) has recently released a summary of feedback from its 2023 Cybersecurity Regulatory Harmonization Request for Information (RFI). The responses reveal major concerns from critical infrastructure industries related to operational technology (OT), such as energy, transport and manufacturing. Their worries include the current fragmented regulatory landscape and difficulty adapting to new cyber regulations. The frustration appears to be unanimous. Meanwhile, the magnitude of…

Generative AI security requires a solid framework

4 min read - How many companies intentionally refuse to use AI to get their work done faster and more efficiently? Probably none: the advantages of AI are too great to deny.The benefits AI models offer to organizations are undeniable, especially for optimizing critical operations and outputs. However, generative AI also comes with risk. According to the IBM Institute for Business Value, 96% of executives say adopting generative AI makes a security breach likely in their organization within the next three years.CISA Director Jen…

Q&A with Valentina Palmiotti, aka chompie

4 min read - The Pwn2Own computer hacking contest has been around since 2007, and during that time, there has never been a female to score a full win — until now.This milestone was reached at Pwn2Own 2024 in Vancouver, where two women, Valentina Palmiotti and Emma Kirkpatrick, each secured full wins by exploiting kernel vulnerabilities in Microsoft Windows 11. Prior to this year, only Amy Burnett and Alisa Esage had competed in the contest's 17-year history, with Esage achieving a partial win in…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today