By Ori Bach, GM & VP Product, TrapX Security
Driven by customer demand, Gartner continues to increase coverage of the growing deception technology space, which they have dubbed “Distributed Deception Platforms”.
The latest research includes a report covering the value that deception brings to security programs and a technical comparison of the six leading deception vendors. While this blog series was being written, Gartner published a third report titled “Midmarket Context: Improve Your Threat Detection Function with Deception Technologies”, focusing on the value the technology brings to mid-market enterprises.
In the final installment of this three-part blog, I will summarize the conclusions from this important body of research.
As is the case with many emerging spaces, buyers and evaluators are often confused by the information vendors throw at them. Much of that information is designed to cover up for vendors' product shortcomings by generating noise and FUD (fear, uncertainty and doubt) to divert the conversation away from real products and solving real problems.
For those who are asking themselves “Do I need Deception?”, the Gartner research provides concrete use cases against which they can match their needs and priorities. In addition, such objective analysis also provides a useful way to work through the noise and make informed.
Evaluators looking to choose the right type of deception technology for their needs should keep in mind the difference between useful information and noise:
| Useful information | Un-useful information |
|---|---|
| Objective research by established analysts | Pay-for-play research by unknown analysts |
| Size of customer base | Size of vendor's booth at RSA |
| Public references and research | Unsupported vendor claims |
| Specific use cases that can be supported by the product | Number of features |
Deception – What Is It Good For? (Apparently quite a lot)
While the technology has many possible implementations, three top use cases emerge. The competitive analysis also shows how well vendors can fulfill those use cases.
Mid-Market Enterprises (SIEM replacement)
What is Deception good for? – Deception allows security teams to prioritize threats because false positives are rare. Deception tools are exponentially easier to deploy and operate than a SIEM deployment.
Business justification – Cost-effective way of implementing accurate threat detection for small security teams with limited capacity.
What should evaluators be looking for? – Ease of deployment and maintenance, MSSP (managed security service provider) support.
Manufacturers and Healthcare providers (Detect attacks against IoT & OT networks)
What is Deception good for? – Detect threats to legacy and proprietary devices without operational impact (No agents, no network changes).
Business justification – Maintain operational efficiency by preventing malware infections (such as ransomware).
What should evaluators be looking for? – Support for IoT environments requires strong emulated-decoy capabilities, and the nature of the deployment requires a distributed, scalable architecture. Prioritize vendors that received a high score in those categories.
Large Enterprises / ones that are targeted by sophisticated cyber actors (Detect APTs)
What is Deception good for? – Additional layer of detection able to flush out highly sophisticated cyber adversaries that are able to avoid detection by other security controls.
Business justification – Protect real data and assets by eliminating dwell time. Delay cyber adversaries by feeding them false data.
What should evaluators be looking for? – Given the sophistication of adversaries, deception credibility is key. Avoid vendors that received a less than perfect score in this category or have been flagged as having deception that can be fingerprinted by hackers. Given the size of the network, scalable support for hybrid cloud and virtualized networks is also key.
The TrapX approach
Our approach at TrapX is to lead the deception space by educating our customers and talking about real problems and real solutions. This is why we are happy to offer great research such as the latest Gartner report and the excellent SANS whitepaper. We are also proud to lead the space in the number of original research papers and case studies.
If you are interested in this space, I invite you to meet our cyber experts and the TrapX executive team for a meaningful conversation about how deception can address your security challenges.