What a difference a year makes.
In 2018, we find deception platforms listed with a “High” Benefits Rating in Gartner’s Hype Cycle for Threat-Facing Technologies, 2018.
Adoption of Deception Gains Momentum
We feel that this aligns with our experience in the market. Initially, customers with severe challenges not easily addressed by any other security technologies were drawn to deception. Illusive found early and perhaps unusual success as an emerging company because deception literally changes the game on targeted attackers by turning the entire network into an inescapable trap. We quickly found ourselves deploying in some of the largest enterprises on the planet.
This past year, the deception market passed through a palpable tipping point; organizations of all sizes, and across the cyber maturity spectrum, are now rapidly deploying deception technology.
- Those with advanced cybersecurity defenses are filling gaps in their threat detection and mitigation capabilities, specifically for early detection of malicious lateral movement and cyber reconnaissance.
- Organizations with lower levels of security investment—both large and small—are deploying deception as a foundational threat detection mechanism. Deception is proving simple to deploy and operate. Even less sophisticated organizations are realizing the importance of ensuring early detection of high-impact threats and are prioritizing investments in this area above others.
- Shorthanded security teams in organizations of all sizes and maturities are learning that deception technology’s high-fidelity alerts and real-time forensics empower incident responders to act faster and more efficiently.
Protecting Revenue, Reducing Costs
Of course, hard ROI for most security investments is elusive at best, but deception drives tangible results by speeding threat detection and incident handling, and by providing risk-oriented visibility.
For example, deception enables organizations to:
- More effectively prevent brand damage and disruption. It goes without saying that preventing business losses—both tangible and intangible—is the end goal of threat-facing technologies. Endpoint-based deception is especially powerful, though, because no matter where attackers first land, they can’t get very far. With Illusive, deceptions work in tandem with Attack Surface Manager, which stymies lateral movement by preemptively removing excess credentials and connections in the environment. Odds are near zero that attackers will be able to make more than a single system-to-system lateral move, much less the many moves typically required to achieve their primary objective.
- Reduce remediation costs by containing the attack and reducing dwell time. During the lateral movement process, every system an attacker compromises increases clean-up costs and multiplies the risk of collateral damage. Early detection through endpoint-based deception is crucial in reducing these costs. The Ponemon Institute 2018 Cost of a Data Breach Study indicates that companies that contained a breach within 30 days saved over $1M.
- Shrink the alert funnel. When deception intervenes early in the kill chain and stops the progress of attacks, hundreds or thousands of alerts (failed logins, etc.) that might otherwise be generated will never fire. While deception technology alone can’t bring nirvana to a noisy SOC, and it’s impossible to know the precise value of events that never occur, the ability to cut down on the cascade of alerts can certainly reduce workload and make it easier to see what’s really important.
- Prioritize and streamline incident response. The Ponemon study also indicates that companies with incident response teams reduce the cost of a data breach by as much as $14 per compromised record. It stands to reason that the more efficiently an IR team can act, the greater the savings. Illusive’s deception-based technology helps in 3 important ways:
  - Deceptions are visible only to malicious actors, hence a deception-generated alert is extremely high fidelity; the SOC always knows these warrant urgent attention.
  - Illusive provides a GPS on attackers, showing the proximity of compromised machines to “crown jewels” to help responders prioritize efforts.
  - By capturing real-time host forensics from each compromised endpoint, Illusive provides incident response teams with rich data, including a wealth of volatile system data that is usually lost by delays in launching forensic collection.
Overall, the agility to effectively stop cyber attacks within the network perimeter—even when security controls are not perfect—enables fast-moving businesses to more confidently leverage technology. This, of course, directly supports an organization’s revenue-generating and cost reduction strategies.
Yes, deception is an innovative technology, and no, it’s not for every enterprise or every use case. But deception is proving to be a valuable tool in the ongoing fight against targeted attacks, malicious insiders, and advanced persistent threats. And there is no arguing that the market is growing fast – faster, we would argue, than the hype surrounding it.
So, you may ask, what do we think happens when deception platforms reach the peak of the Hype Cycle and begin the slide into the Trough of Disillusionment? Well, we’re not convinced this is the fate of all security innovators, and we don’t intend to fall into the trap of overpromising and underdelivering. While we are very proud that deception has been listed in a Hype Cycle, our view is that we aren’t fond of hype, and we don’t feel it’s necessary or even warranted when a technology with as much raw potential as distributed deception comes along.
At Illusive, our focus will remain firmly on meeting and exceeding customer expectations. We believe the results speak (loud enough) for themselves—and, working closely with our customers and partners, we plan to keep it that way!
Gartner, Hype Cycle for Threat-Facing Technologies, 2018, Pete Shoard, 13 July 2018.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.