Deepen Desai, CSO and head of security research at Zscaler, compares deception operations to motion detectors. “If I were to draw an analogy, you have locks, keys, and doors to protect your house from bad guys getting in. But when bad guys get in, whether they’re pretending to be the good guys or they’re already inside, it’s the motion sensors that you tactically place at spots in the house that are not easily visible but raise the alarm when someone is at a place where you don’t expect them to be.”
Realism is critical to the success of deception
A critical component of deception technology is the creation of assets that criminals and other threat actors believe are real, at least for a while, lest they quickly exit or avoid them altogether, which would render the deception operation useless. “You’re not going to be able to do it perfectly because you’re going to always leave some sort of weird footprint, a little flag,” Handorf tells CSO.
Getting the details right for highly elaborate deception operations is particularly important. Assets that appear fake, such as 1,000 computers all unrealistically built precisely the same way, “tip off the adversary that it’s not a real deception,” Handorf says. “Something about the host isn’t exactly right. It’s too symmetrical. In movies, people walk in, and they are like, ‘Wait, there’s something about this room that just doesn’t feel right. It’s way too convenient,’ and then, all the cops show up.”
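One way to audit a decoy fleet for the "too symmetrical" tell described above, as an added example that is not from the article or from any vendor mentioned in it: it scores how much each host attribute varies across the decoys and flags attributes where every decoy is identical. The host records, attribute names and values below are constructed sample data, and the 1-bit threshold is an assumed tuning knob.

```python
import math
from collections import Counter

# Constructed sample inventory: four decoys cloned from one image, so every
# attribute except the hostname is identical (the fleet an attacker would
# recognise as artificial).
CLONED_DECOYS = [
    {"hostname": "WS-PROD-0001", "os_build": "19045.3693", "install_date": "2023-01-10", "last_user": "svc_backup"},
    {"hostname": "WS-PROD-0002", "os_build": "19045.3693", "install_date": "2023-01-10", "last_user": "svc_backup"},
    {"hostname": "WS-PROD-0003", "os_build": "19045.3693", "install_date": "2023-01-10", "last_user": "svc_backup"},
    {"hostname": "WS-PROD-0004", "os_build": "19045.3693", "install_date": "2023-01-10", "last_user": "svc_backup"},
]

# Constructed sample inventory: the same four decoys after varying builds,
# install dates and the last interactive user per host.
VARIED_DECOYS = [
    {"hostname": "fin-laptop-17", "os_build": "19045.3693", "install_date": "2022-08-03", "last_user": "j.ortiz"},
    {"hostname": "WS-PROD-0002", "os_build": "19044.2846", "install_date": "2023-01-10", "last_user": "svc_backup"},
    {"hostname": "hr-desk-04",    "os_build": "22621.2715", "install_date": "2023-06-21", "last_user": "m.chen"},
    {"hostname": "lab-build02",   "os_build": "19045.3693", "install_date": "2021-11-30", "last_user": "admin"},
]

def attribute_entropy(values):
    """Shannon entropy in bits of the value distribution for one attribute.
    0.0 means every host carries the same value; log2(n) means all differ."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def symmetry_report(hosts, min_bits=1.0):
    """Map each attribute whose variation is below min_bits (assumed threshold)
    to its entropy, rounded to 3 decimals. An empty report means no attribute
    is uniform enough to act as an obvious fingerprint of the decoy fleet."""
    attrs = sorted({key for host in hosts for key in host})
    report = {}
    for attr in attrs:
        bits = attribute_entropy([host.get(attr) for host in hosts])
        if bits < min_bits:
            report[attr] = round(bits, 3)
    return report

def hostname_template_tell(hosts):
    """True when every hostname is the same stem plus a sequence number,
    a separate tell that per-attribute entropy alone does not catch."""
    stems = {host["hostname"].rstrip("0123456789") for host in hosts}
    return len(stems) == 1

if __name__ == "__main__":
    print("cloned fleet:", symmetry_report(CLONED_DECOYS), hostname_template_tell(CLONED_DECOYS))
    print("varied fleet:", symmetry_report(VARIED_DECOYS), hostname_template_tell(VARIED_DECOYS))
```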