Illusive Blog July 16, 2019

Gartner: Threat Deception is Powerful, Only When It Works

By Kirby Wadsworth

“Deception systems can service many different buyer types and needs, from simply being the only detection system a smaller company owns, to augmenting a more robust detection practice at more mature firms, to highly targeted vertical specialization needs, such as IoT and medical devices.”

In Gartner’s 2019 Hype Cycle for Threat-Facing Technology, the leading analyst firm calls out Deception Technology as high value, stating the technology is ‘emerging as a viable and valuable complement to more traditional threat detection solutions.’ Of course we agree, but what’s more, we see examples every day of enterprises large and small, mature and emerging, reaping the benefits of Deception.

Gartner’s newly released research report, Solution Comparison for Six Threat Deception Platforms, provides a nicely detailed evaluation of strengths and weaknesses for security and risk management teams evaluating threat deception technologies.

In Gartner’s report, authors Augusto Barros and Anna Belak issued a set of key findings and recommendations, a couple of which we at Illusive view as essential for organizations with highly sensitive assets that are actively working to detect and stop cyber threats of all types, including Advanced Persistent Threats (APTs), malware, ransomware, credential dumping, lateral movement, and malicious insiders.

In short, deception works great with a couple of caveats:

  1. In-network deceptions have to actually deceive increasingly sophisticated attackers, so believability of deceptions is paramount.
  2. And, companies must be able to deploy, support, refresh, and respond to deception’s high-fidelity alerts without hiring an army.

On both counts, Illusive Networks couldn’t agree more!

Authenticity of Deceptions

Cyber attackers are a savvy bunch. Attackers get in, and given enough time and a little trial and error, find what they came for: your crown jewels.

But, attackers rely on the belief that what is seen is real and the data that’s collected is reliable. If security teams are going to disrupt cyber attackers at their own game, deceptions cannot leave traces that expose them as the slightest bit fake. If poor deceptions are detected, this cybersecurity tactic is rendered useless.

As recommended by Gartner, the best way to test the capabilities and effectiveness of a threat detection solution is through a friendly game of capture the flag, cyber style.

(Shameless plug—Illusive achieved Gartner’s highest rating in the Deception Credibility and Authenticity category. We have beaten the best red teams in the world—including 3-letter government agencies over 100 times—in fact, we have never lost a red team contest!)

Discover firsthand how Illusive Red Team exercises have helped our customers evaluate the power of our Deceptions Everywhere technology to thwart advanced attacks early in the process—BEFORE in-network threats do damage.

One word of caution about these feature list comparisons. As much fun as they are, you need to take the comparison matrices with a grain of salt. They are effective for comparing “like for like” features: the effectiveness of our deceptions is better than theirs, etc. But, if you’ve made it this far, you’re aware that one does not decide which vendor has the best solution for your organization simply by adding up a list of who has the most features. If you need a subcompact car for city driving, the availability of an interactive backseat entertainment system or a 3rd row of seats is irrelevant. If your goal in researching deception technology solutions is early, accurate detection of threats to your commercial systems, the availability of many IoT device emulations you’ll never use is similarly irrelevant.

If you are interested in learning more about what deception can do for your organization’s security posture, feel free to contact us here. As Gartner noted, we invented and evolved endpoint-centric deception and would be happy to show you what the Illusive Platform is capable of.