Key Takeaways from Gartner on Deception Technology
Driven by customer demand, Gartner continues to increase coverage of the growing deception technology space, which they have dubbed “Distributed Deception Platforms”.
The latest research includes a report covering the value that deception brings to security programs (available for free download) and a technical comparison of the six leading deception vendors (available for subscribers of the Gartner Technical professional advice service).
In this three-part blog I will outline my main takeaways from this body of research.
Part One – “You gotta be sincere!”
You gotta be sincere
In one of the most memorable acts of the iconic 1963 movie Bye Bye Birdie, teen idol Conrad Birdie serenades a crowd of adoring teenyboppers with the song “Honestly Sincere”. While the golden-clad Conrad is obviously quite superficial and vain, there is great truth to the words he croons: “you gotta be sincere”. To be successful in anything you must do it in a credible and authentic way, or ultimately you will fail.
Why is credibility critical for deception tools?
Reading the latest Gartner research, it seems that what is true for rock n’ roll stars is doubly true for the new set of deception tools disrupting the Threat Detection market.
One of the key categories that Gartner used to evaluate deception tools was the credibility and authenticity of the deceptive elements for each of the leading vendors in the space.
Deception Credibility and Authenticity is defined by Gartner as the ability to make decoys and lures indistinguishable from real assets to avoid identification by attackers.
I am glad that we here at TrapX remain loyal to our core mission of advanced threat detection and our product scores the highest in the credibility category. The decision to ensure the quality of the decoys and lures is core to our product strategy. If a feature cannot deceive sophisticated attackers and does not stand up to the most rigorous scrutiny by red teams, we don’t ship it. Period.
On the other hand, deception technology that is not credible (decoys & lures are easily distinguishable from the real network assets) can be recognized by attackers early, thus helping them avoid detection.
Gartner strongly called out some vendors that, while investing heavily in adding dozens of other features, neglected the credibility of the decoys and lures. In other words, the tools of those vendors will be identified and avoided by attackers who look carefully and only simpletons will be caught.
To learn more please read my next blog: “Key Takeaways from Gartner on Deception Technology: Part Two – Deception and the IoT Revolution”.