You’ve Been Deceived about Deception Technology
By Carolyn Crandall, Chief Deception Officer, Attivo Networks
It is easy to be misled about things that are unfamiliar. We see this happen regularly with fake news and
manipulative communications that steer a person towards certain beliefs. Cybersecurity is not immune
from this, especially when it comes to deception technology. So, what is there to be deceived about with
deception?
Fundamentally, using deception in cybersecurity isn’t really new. The technology has been around for
over 20 years and carried some limelight during the active Honeynet days when it proved valuable in
helping defenders understand who was attacking the network. Placing a honeypot at the perimeter of the
network yielded useful information for research as attackers tried to breach it. Deception was an
innovative idea then, but interest faded due to its complexity and the time needed to operate it.
In 2014, advancements in deception technology started surfacing. The concept of trapping and
misdirecting attacks was still a core premise, however there were many critical changes. First, the
deceptions were now designed for operation inside the network, with the value shifting towards setting
landmines to derail attacks that had by passed perimeter defenses. Two fundamental approaches