Deception is a frequently used tactic in both defensive and offensive strategies, from chess to duck hunting, and a tool that many security professionals have been using for years. Initially, when deception was used in network defense, it involved a human carefully interacting with an infiltrator to make them believe that they had achieved access to restricted data and to keep them occupied until the threat could be contained. Today, however, technological advancements have eliminated the need for direct human interaction and have increased the believability of decoys.
Written by: Carolyn Crandall, Chief Deception Officer – Creating decoys that blend in seamlessly with the production environment is critical, as is one’s approach to deploying deception credential lures. There are a variety of different ways to deploy deception credentials and different levels of validation that need to be in place for believability.