Deception Technologies Have a Maturity Problem

While there's plenty of upside to rolling out deception technologies, it's not clear if cybersecurity leaders — or their organizations — are ready for them.

 A panel at Infosecurity Europe discussing deception technologies.
A panel at Infosecurity Europe discussing deception technologies.Source: Dan Raywood via Dark Reading

INFOSEC23 — London — Deception technologies can offer a better method to detect attackers in your network, but questions remain on how much security leaders know about their maturity and capabilities.

In a discussion at Infosecurity Europe, panelist Debi Ashenden, a professor in cybersecurity from Adelaide University, described deception technologies as relatively immature. She said deception had "come out of the idea of honeypots" and while organizations may be on the cusp of seeing deception technologies mature, the technology lacks good use cases or reference customers willing to discuss their experience with deception.

Gonzalo Cuatrecasas, CISO of Nordic industrial manufacturer Axel Johnson International, said when technology is embraced, "it's got to be mature enough to do [the job it is intended for], otherwise it is halfway tech that gets [stuck] in the middle."

The Latest Cool Trend?

Lewis Woodcock, senior director of cyber operations for shipping concern A.P. Møller – Mærsk, said the challenge is for customers to fully understand what their underlying goals are. "I worry deception technology is the latest cool trend, but organizations need to stop and think [about] what they are trying to achieve."

While Ashenden said deception technology can also be very resource-intensive and that many CISOs don't understand why they need it, Woodcock wondered what an action plan for dealing with an attacker would look like, once deception technology got activated. That's not an endgame that many organizations are prepared to address or manage.

Ashenden also said there are questions on where in the network or SOC to deploy deception technology and that more work is needed to determine how this emerging technology fits into the cybersecurity portfolio. Cuatrecasas added that deception users should "be prepared to make decisions, as what you find may be something that we do not know about."

What You Need to Implement

As for implementation tips, Woodcock said familiarity and experience with threat intel could simplify deception rollout and management. He also recommended having an environment that looks real to an attacker — as if the network is very locked down and one server is open — as it is a giveaway to the attacker about what is going on. "Know your objectives, how an adversary will perceive it, and how you will respond," he said.

Ashenden recommended discussing with senior management what the technology will achieve and what it offers the wider organization, not to mention a strong business rationale for buying and using.

About the Author

Dan Raywood, Senior Editor, Dark Reading

With more than 20 years experience of B2B journalism, including 12 years covering cybersecurity, Dan Raywood brings a wealth of experience and information security knowledge to the table. He has covered everything from the rise of APTs, nation-state hackers, and hacktivists, to data breaches and the increase in government regulation to better protect citizens and hold businesses to account. Dan is based in the U.K., and when not working, he spends his time stopping his cats from walking over his keyboard and worrying about the (Tottenham) Spurs’ next match.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights