Deception Technology
What is Deception Technology?
Deception Technology: A defensive approach that deploys decoys, breadcrumbs, and fake assets across the environment to detect, mislead, and study attackers with high fidelity.
Deception technology layers decoys throughout the network, endpoints, Active Directory, and cloud — fake servers, fake users, fake credentials, fake files, and fake tokens — so that any interaction with them is intrinsically suspicious. Unlike signature-based tools, deception generates very few false positives: legitimate workflows never touch the decoys. Commercial platforms such as Attivo Networks (now part of SentinelOne), TrapX Security, and Illusive Networks made deception a mainstream control during the 2015-2020 period, and the approach is now embedded in many XDR and ITDR products. It is especially effective against lateral movement, credential abuse, and ransomware reconnaissance.
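The property described above, that any interaction with a decoy is intrinsically suspicious, can be expressed as detection logic over authentication events. The following is an added example, not code from any of the products named on this page; the decoy names, the key=value log format, and the sample lines are all constructed assumptions.

```python
# Constructed decoy inventory (assumption): no legitimate workflow uses these.
DECOY_USERS = {"svc_backup_adm", "hr_temp01"}
DECOY_HOSTS = {"fin-db-02", "scada-hmi-07"}

# Constructed sample events in a hypothetical key=value log format.
SAMPLE_LOG = """\
ts=2024-05-01T09:00:01Z src=10.0.4.17 user=CORP\\alice dst=files-01 result=success
ts=2024-05-01T09:02:13Z src=10.0.4.23 user=svc_backup_adm@corp.example dst=dc-01 result=failure
ts=2024-05-01T09:02:40Z src=10.0.4.23 user=CORP\\bob dst=FIN-DB-02.corp.example result=success
ts=2024-05-01T09:03:05Z src=10.0.4.23 user=CORP\\HR_Temp01 dst=scada-hmi-07 result=failure
malformed line without fields
"""

def parse_event(line):
    """Split 'k=v k=v' into a dict; return None if required fields are missing."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    return fields if {"ts", "src", "user", "dst"} <= fields.keys() else None

def norm_user(raw):
    """Reduce down-level (domain-prefixed) and UPN names to a lowercase account name."""
    return raw.rsplit("\\", 1)[-1].split("@", 1)[0].lower()

def norm_host(raw):
    """Reduce an FQDN to its lowercase short host name."""
    return raw.split(".", 1)[0].lower()

def detect(log_text):
    """Return one alert per event that touches a decoy, whether it succeeded or failed."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue  # skip lines that do not parse instead of crashing the detector
        user, host = norm_user(ev["user"]), norm_host(ev["dst"])
        hits = []
        if user in DECOY_USERS:
            hits.append("decoy_user:" + user)
        if host in DECOY_HOSTS:
            hits.append("decoy_host:" + host)
        if hits:
            alerts.append({"ts": ev["ts"], "src": ev["src"], "hits": hits})
    return alerts

def decoys_by_source(alerts):
    """Group distinct decoys per source; several from one source suggests a sweep."""
    by_src = {}
    for a in alerts:
        by_src.setdefault(a["src"], set()).update(a["hits"])
    return by_src
```

Names are normalized before matching so that a decoy referenced as `CORP\HR_Temp01`, as a UPN, or by FQDN is still caught, and the `result` field is deliberately ignored because a failed attempt against a decoy is as meaningful as a successful one.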
● Examples
- 01 Attivo BOTsink decoys mimicking SCADA endpoints on an OT segment.
- 02 Illusive breadcrumbs on workstations that lure attackers to a monitored decoy server.
● Frequently asked questions
What is Deception Technology?
A defensive approach that deploys decoys, breadcrumbs, and fake assets across the environment to detect, mislead, and study attackers with high fidelity. It belongs to the Defense & Operations category of cybersecurity.
How do you defend against Deception Technology?
Defences for Deception Technology typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Deception Technology?
Common alternative names include: Deception platform, Cyber deception.
● Related terms
- Honeypot (network-security, № 485): A decoy system or service deliberately exposed to attract attackers, observe their techniques, and divert them from production assets.
- Honeyfile (defense-ops, № 483): A decoy document planted in storage to trigger an alert if an attacker or insider reads, copies, or exfiltrates it.
- Honeyuser (defense-ops, № 487): A fake identity provisioned in directory services and HR systems so that any login attempt or enumeration immediately reveals an attacker.
- Honeytoken (network-security, № 486): A piece of fake data — credential, file, record, or API key — that has no legitimate use and triggers an alert the moment it is accessed.
- Active Defense (defense-ops, № 012): A defensive strategy that goes beyond passive monitoring to engage, mislead, and disrupt adversaries inside the defender's own network and assets.
- Lateral Movement (defense-ops, № 606): The MITRE ATT&CK tactic (TA0008) covering techniques that let an attacker pivot from one compromised host to others across the environment.
● See also
- № 689 MITRE Engage
- № 456 Hack-Back
- № 482 Honey Account