Almost 15 years ago, Honeyd was introduced as the first commercially available honeypot and offered simple network emulation tools designed to detect attackers.
Deception is still a fairly new technology, so it is not surprising that seasoned security professionals will ask, “Isn’t deception just a honeypot or honeynet?” In fairness, if you consider that they are both built on trapping technology, they are similar.
Gene Spafford, a leading security industry expert and professor of computer science at Purdue University, originally introduced the concept of cyber deception in 1989 when he employed “Active defenses” to identify attacks that were underway, designed to slow down attackers, learn their techniques, and feed them fake data.
Deception technology has made monumental strides in evolving from limited, static capabilities to adaptive, machine learning deception that is designed for easy operationalization and scalability.
Based on our own internal testing and from others in the emerging deception market, deception is now so authentic that highly skilled red team penetration testers continually fall prey to deception decoys and planted credentials, further validating the technology’s ability to successfully detect and confuse highly skilled cyberattackers into revealing themselves.