Illusive Blog November 21, 2019

Industry Analysts Now Fully Endorse Deception Technology

By Daniel Brody

With hundreds of new technology trends and literally thousands of vendors vying for attention, it's no wonder CSOs and other security professionals struggle to stay fully up to date. The barrage of marketing claims only complicates matters.

So Gartner’s recent research report, “Emerging Technologies and Trends Impact Radar: Security” (paywall) arrives as a balm for the beleaguered security professional, cutting through the noise to provide a snapshot of which new technologies truly offer a leg up on increasingly sophisticated attackers and threats. Among other recommendations in the report, Gartner suggests deception technology offers “easy to deploy, deterministic, and effective threat detection capabilities for enterprises of all sizes,” and here at Illusive Networks we couldn’t agree more.

Gartner recommends deception technology as a simple, efficient and practical way to identify threats, giving it the highest possible range rating, "Now", meaning that Gartner expects it to be adopted by the early majority of buyers within the next year (see image below). Deception was also rated "High" in terms of mass, meaning that Gartner expects the technology to affect a wide breadth of market sectors and greatly disrupt existing products and services.

Translation: Gartner believes this year deception technology will become a "must-have" in the security stack of any given organization, regardless of size or vertical, because its efficacy is repeatedly being demonstrated on a large scale without requiring additional resource investment.

[Image: Gartner 3 box]

And Gartner isn't the only analyst firm excited about deception technology and saying its time has come. A GigaOm report just noted:

…[T]hanks to its ease of deployment, low overhead, management simplicity, scalability, and ability to provide operators with insights that have an extremely low number of false positives, [deception] is a technology that almost any enterprise—small, medium, or large—could employ to an enormous advantage.

Enterprise Management Associates (EMA) declared that deception technology decreased average attacker dwell time on an enterprise network from 100 to just 5.5 days—a 91% reduction for those that employed deception technology versus those who had not. EMA further commented that deception technology “can be used to reduce business risks across a wide range of different use cases” and spoke approvingly of its low false-positive rate and proactive early threat detection capability.

With all the analyst excitement around deception technology and the release of the latest Gartner report, now is a good time to take an in-depth look at why this type of security solution is increasingly viewed by technology experts as indispensable.

Below are some of the benefits that Gartner cites as justifications for their bullishness on deception technology, along with our own commentary:

High-fidelity threat detection 

Gartner notes that deception technology provides a way to detect attacker activity through fake or decoy elements that would not be seen by anyone except those looking to carry out malicious activity. Therefore, "since no legitimate interaction with fake resources is ever warranted, any interaction is an alarm to a threat." Unless a user were doing something mischievous like attempting unauthorized lateral movement to another device, or digging around in a device's memory for cached credentials, there would be no way to trigger a notification.

With deception technology, every incident matters and justifies an immediate response. That is in direct contrast to threat detection approaches based on behavioral data or analytics, which often generate a high volume of false-positive alerts. These probabilistic approaches are based on factors that may be correlated with previously observed incidents but don't conclusively prove an attack is in progress. Recent reports indicate that tools using this approach produce up to 70% false alarms. Investigating alerts that turn out to be false positives doesn't just waste your SOC's time and resources; it is increasingly evident that they are a chief factor behind high SOC analyst turnover and burnout in the security industry.
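To make the contrast concrete, here is a small added example (not Illusive's code, and not from the Gartner report) that runs two detectors over a handful of constructed authentication log lines. The decoy inventory, the log format and all hostnames, usernames and IP addresses are assumed for illustration. The deterministic detector fires on any touch of a planted decoy account or decoy host; the threshold detector counts failed logins per source and user and fires once a count is reached, which is the kind of behavioral rule that can trip on an ordinary user mistyping a password.

```python
import re
from collections import Counter

# Constructed decoy inventory. In a real deployment this would be the set of
# planted credentials and hosts the deception platform knows it created.
DECOY_ACCOUNTS = {"svc_backup_ro", "admin_legacy"}
DECOY_HOSTS = {"fs-archive-07"}

# Constructed sample log lines in an assumed syslog-like key=value format.
SAMPLE_LOG = """\
2019-11-20T09:01:12Z auth src=10.0.4.21 user=jsmith dst=fs-finance-01 result=success
2019-11-20T09:01:40Z auth src=10.0.4.21 user=jsmith dst=fs-finance-01 result=failure
2019-11-20T09:02:05Z auth src=10.0.4.88 user=svc_backup_ro dst=fs-finance-01 result=failure
2019-11-20T09:02:30Z auth src=10.0.4.88 user=mlee dst=fs-archive-07 result=success
2019-11-20T09:03:00Z auth src=10.0.4.21 user=jsmith dst=fs-finance-01 result=failure
2019-11-20T09:03:10Z auth src=10.0.4.21 user=jsmith dst=fs-finance-01 result=failure
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth src=(?P<src>\S+) user=(?P<user>\S+) "
    r"dst=(?P<dst>\S+) result=(?P<result>\S+)$"
)


def parse(log_text):
    """Turn the raw log text into a list of event dicts; skip malformed lines."""
    events = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            events.append(match.groupdict())
    return events


def deception_alerts(log_text):
    """Deterministic detector: any use of a decoy account or decoy host is an alert.

    Nothing legitimate should ever reference these resources, so no
    threshold, baseline or scoring is needed; one event is enough.
    """
    alerts = []
    for ev in parse(log_text):
        reasons = []
        if ev["user"] in DECOY_ACCOUNTS:
            reasons.append(f"decoy account {ev['user']} used")
        if ev["dst"] in DECOY_HOSTS:
            reasons.append(f"decoy host {ev['dst']} accessed")
        if reasons:
            alerts.append({"ts": ev["ts"], "src": ev["src"], "reason": "; ".join(reasons)})
    return alerts


def threshold_alerts(log_text, max_failures=3):
    """Behavioral detector: alert when a (src, user) pair reaches N failed logins.

    This is a stand-in for analytics-style rules. It cannot distinguish an
    attacker from a user who forgot a password, so its alerts need triage.
    """
    failures = Counter()
    alerts = []
    for ev in parse(log_text):
        if ev["result"] != "success":
            key = (ev["src"], ev["user"])
            failures[key] += 1
            if failures[key] == max_failures:
                alerts.append({
                    "ts": ev["ts"],
                    "src": ev["src"],
                    "reason": f"{max_failures} failed logins for {ev['user']}",
                })
    return alerts


if __name__ == "__main__":
    for name, fn in (("deception", deception_alerts), ("threshold", threshold_alerts)):
        print(f"== {name} detector ==")
        for alert in fn(SAMPLE_LOG):
            print(f"{alert['ts']} {alert['src']}: {alert['reason']}")
```

On the sample data the deception detector raises two alerts, both from 10.0.4.88: one for the decoy service account and one for the decoy file server. The threshold detector raises one alert for 10.0.4.21, where jsmith failed three times after an earlier success, which is exactly the ambiguous case an analyst would have to investigate before knowing whether it matters.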

Clear security ROI for any type of organization

It can be tough to determine whether any given security product or service is really going to live up to the hype and catch attackers before they reach critical data. However, Gartner notes that deception technology not only “does well in proof of concept (POC)” and “perform(s) well during the sales cycle;” it also “proved to be a worthy technology to add to security programs.”

Illusive customers, some of whom already were using over 200 different security solutions by the time they implemented deception, can attest to how much return on investment this technology provides, including:

As the variety of different types of customers above confirms, deception technology is versatile and industry-agnostic. Gartner notes that “deception technologies will continue to grow since they appeal to a wide range of buyer sizes, verticals and geolocations worldwide as organizations are seeking to enhance their threat detection programs.”

Deception’s ease of use and clear effectiveness make it a populist solution to long-standing security problems that any organization can leverage to rapidly enhance its threat detection and response. Since Illusive deceptions are automated to reflect the data that an attacker would expect to find on a given endpoint, it is also easy to customize authentic deceptions for any given industry; as Gartner points out “vertical-specific deception for medical systems, energy, manufacturing or other embedded control systems (like networks) is a likely stronghold for deception,” and Illusive offers tailored deceptions for each of those verticals.

Quick and easy deployment without additional overhead

Gartner remarks that deception technology “can be up and running quickly, without placing a very heavy burden on operations.” Because of deception’s roots in honeypot technology, it acquired a reputation for being a heavy-handed approach that required spinning up a bunch of servers just to have a few well-placed and often sidestepped decoys. However, Illusive pioneered a change in what deception means that revolutionized the industry and created the lightweight endpoint deception approach that Gartner says adds detection without “systems interference.”

Illusive's agentless and completely software-based deception strategy is unique in the space for its particularly low-touch deployment and management, with no need to gather months of data for analysis, no additional hardware, and a user-friendly portal that makes distributing deceptions and collecting incident forensics a simple, streamlined process.

Protection for highly specific IoT and OT environments

As part of their recommendations for deploying deception technology, Gartner advises that organizations should "focus development on creating highly realistic and interactive decoys that have the ability to automatically mimic customer-specific environments, including Internet of Things (IoT)/operational technology (OT)." Organizations often need to rely on a variety of systems or devices that can't be patched properly, monitored consistently, or fitted with the latest security controls. The massive range of available IoT devices also makes them nearly impossible to protect comprehensively, and they have become a popular spot for attackers to carry out reconnaissance and data theft. Operational Technology (OT) systems are likewise increasingly targeted by adversaries, since their age and specialized protocols prevent them from being effectively patched or monitored. Illusive's next-gen IoT and OT Emulations are engineered to mimic real-world environments in a way that fools attackers into engagement, consequently triggering a powerful response and removing unconventional infrastructure as an attack path for cyber criminals.

The industry analyst community’s message is clear: deception technology is an easy way for security teams to greatly strengthen early threat detection without additional operational burdens. The technology is solid, well tested by large established firms, and offers such value that it should be considered an essential component of a well-architected security strategy. For those reasons and more, 2020 is set to be the year deception goes mainstream as an essential part of any organization’s security arsenal.

Learn more about the Illusive Platform and see how its inescapable web of deceptions instantly forces attackers to reveal themselves.